Description
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.
Published: 2026-07-08
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Ubuntu’s OpenJDK packages allows an attacker to escape the application sandbox by creating a malicious executable .jar file on the host file system. When the mailcap package is installed, the system’s .jar MIME handler automatically executes files that have the executable bit set. This improper input validation (CWE-20) gives an attacker the ability to run arbitrary code outside the sandbox, potentially leading to full system compromise.

Affected Systems

Ubuntu systems that include the OpenJDK packages together with the mailcap package and the xdg-desktop-portal-gtk component are affected. No specific package version range is provided, so the vulnerability applies to any installation that has these components installed.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.8, indicating a high severity. EPSS is not available and the issue is not listed in CISA KEV, suggesting no known public exploitation yet. The likely attack path involves a sandboxed application with access to the OpenURI portal writing a malicious .jar file to disk, marking it executable, and then triggering the system’s MIME handler to run it. Successful exploitation would bypass the sandbox and grant the attacker arbitrary code execution on the host.

Generated by OpenCVE AI on July 9, 2026 at 09:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or uninstall the mailcap package so that .jar MIME handlers are not automatically executed.
  • Restrict or disable the xdg-desktop-portal-gtk service to prevent sandboxed applications from using the OpenURI portal.
  • Apply the official OpenJDK update from Ubuntu as soon as it becomes available, and if none is yet released, continue to monitor Ubuntu security advisories for a fix.

Generated by OpenCVE AI on July 9, 2026 at 09:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8518-1 mailcap vulnerability
History

Wed, 08 Jul 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical ubuntu
Vendors & Products Canonical
Canonical ubuntu

Wed, 08 Jul 2026 21:45:00 +0000

Type Values Removed Values Added
Description A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.
Title Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Canonical Ubuntu
cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-07-08T21:18:56.577Z

Reserved: 2026-05-28T19:27:23.004Z

Link: CVE-2026-10037

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T09:15:05Z

Weaknesses
  • CWE-20

    Improper Input Validation