Sandbox Escape Vulnerability in OpenJDK Packages on Ubuntu
CVE-2026-10037
8.8HIGH
What is CVE-2026-10037?
A sandbox escape vulnerability has been discovered in the OpenJDK packages included with Ubuntu. The vulnerability arises from the .jar MIME handlers which execute files marked as executable when the mailcap package is present. This allows a compromised or malicious application, operating within the sandbox environment and having access to the OpenURI portal through xdg-desktop-portal-gtk, to write harmful .jar files to the host file system. By setting the executable bit on these files, it could prompt the handler to run arbitrary code outside of the restricted environment, compromising system security.
Affected Version(s)
Ubuntu 0 < 3.70+nmu1ubuntu1.22.04.1
Ubuntu 0 < 3.70+nmu1ubuntu1.24.04.1
Ubuntu 0 < 3.74ubuntu1.1
