8.8

CVE-2026-10037

Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
HerstellerCanonical
Produkt Ubuntu
Default Statusunaffected
Version 0
Version < 3.70+nmu1ubuntu1.22.04.1
Status affected
Version 0
Version < 3.70+nmu1ubuntu1.24.04.1
Status affected
Version 0
Version < 3.74ubuntu1.1
Status affected
Version 0
Version < 3.75ubuntu1.1
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.022
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@ubuntu.com 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://bugs.launchpad.net/ubuntu/+source/openjdk-25/+bug/2153100