CVE-2026-10037 in Ubuntuinfo

Zusammenfassung

von MITRE • 09.07.2026

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

Canonical

Reservieren

28.05.2026

Veröffentlichung

09.07.2026

Moderieren

akzeptiert

Eintrag

VDB-377038

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Want to stay up to date on a daily basis?

Enable the mail alert feature now!