CVE-2026-10037
Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal
CVSS Score
8.8
EPSS Score
0.1%
EPSS Percentile
2th
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.
| CWE | CWE-20 |
| Vendor | canonical |
| Product | ubuntu |
| Ecosystems | |
| Industries | Technology |
| Published | Jul 8, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for canonical ubuntu
Be the first to know when new high vulnerabilities affecting canonical ubuntu are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Canonical / Ubuntu
All versions affected Canonical / Ubuntu
All versions affected Canonical / Ubuntu
All versions affected Canonical / Ubuntu
All versions affected Canonical / Ubuntu
All versions affected Canonical / Ubuntu
All versions affected Canonical / Ubuntu
All versions affected Canonical / Ubuntu
All versions affected Canonical / Ubuntu
All versions affected Canonical / Ubuntu
0 < 3.70+nmu1ubuntu1.22.04.1 0 < 3.70+nmu1ubuntu1.24.04.1 0 < 3.74ubuntu1.1 0 < 3.75ubuntu1.1
References
Credits
Aaron Rainbolt