Sandbox Escape Vulnerability in OpenJDK Packages on Ubuntu
CVE-2026-10037

8.8HIGH

Key Information:

Vendor

Canonical

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-10037?

A sandbox escape vulnerability has been discovered in the OpenJDK packages included with Ubuntu. The vulnerability arises from the .jar MIME handlers which execute files marked as executable when the mailcap package is present. This allows a compromised or malicious application, operating within the sandbox environment and having access to the OpenURI portal through xdg-desktop-portal-gtk, to write harmful .jar files to the host file system. By setting the executable bit on these files, it could prompt the handler to run arbitrary code outside of the restricted environment, compromising system security.

Affected Version(s)

Ubuntu 0 < 3.70+nmu1ubuntu1.22.04.1

Ubuntu 0 < 3.70+nmu1ubuntu1.24.04.1

Ubuntu 0 < 3.74ubuntu1.1

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aaron Rainbolt
.