Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Ubuntu USN |
USN-8518-1 | mailcap vulnerability |
Thu, 09 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Canonical
Canonical ubuntu |
|
| Vendors & Products |
Canonical
Canonical ubuntu |
Wed, 08 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment. | |
| Title | Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal | |
| Weaknesses | CWE-20 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2026-07-09T13:00:15.872Z
Reserved: 2026-05-28T19:27:23.004Z
Link: CVE-2026-10037
Updated: 2026-07-09T12:59:41.191Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T09:15:05Z
Ubuntu USN