Description
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).
Published: 2026-05-24
Score: 7.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wine ships a .desktop file that registers itself as a MIME handler for EXE and other Windows executable types. In some configurations, opening an EXE file causes the handler to execute it blindly with the invoking user's privileges. An attacker can use this to run arbitrary code with those privileges and escape Flatpak and Snap sandboxes.

Affected Systems

The vulnerability affects any installation of Wine distributed by WineHQ. Because the .desktop file is included in the standard package, all systems that install the default Wine package are potentially impacted. No specific version numbers are listed, but the flaw exists in any Wine release that ships the described file.

Risk and Exploitability

The CVSS score is 7.3, indicating a high severity vulnerability. The EPSS score is not available, and the flaw is not yet listed in CISA KEV, suggesting limited evidence of widespread exploitation at this time. The attack vector is local; a user or process that can trigger the MIME handler can execute a malicious EXE, potentially leading to sandbox escape. The lack of a patch means the only immediate resolution is to remove the MIME handler.

Generated by OpenCVE AI on May 24, 2026 at 22:20 UTC.

Remediation

Vendor Workaround

Remove /usr/share/applications/wine.desktop from the system to unregister the MIME handler that introduces the vulnerability.


OpenCVE Recommended Actions

  • Delete the file /usr/share/applications/wine.desktop to disable the MIME handler.
  • Configure the packaging system or policy to prevent Wine from registering MIME types, such as removing the appropriate MIME type entries from the system’s MIME database.
  • Add a security policy that blocks execution of any .exe file within Flatpak or Snap containers to mitigate potential sandbox escape.
  • Monitor for any future Wine patches or updates that address the MIME handler flaw and apply them promptly.
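
An added example, not part of the CVE record and not Wine or OpenCVE code: a read-only audit that finds which installed .desktop files claim Windows-executable MIME types, so the handler can be located before it is removed. The MIME type names, the sample entry and the function names are assumptions made for the illustration.

```python
from pathlib import Path

# Assumption: MIME type names from the freedesktop shared MIME database;
# the advisory does not list the types it covers.
RISKY_MIME_TYPES = {
    "application/x-ms-dos-executable",
    "application/vnd.microsoft.portable-executable",
    "application/x-msdownload",
    "application/x-msi",
}

# Constructed sample, not copied from a Wine package.
SAMPLE_DESKTOP = """[Desktop Entry]
Name=Example Windows Program Loader
Exec=example-loader %f
MimeType=application/x-ms-dos-executable;application/x-msi;text/plain;
"""

def parse_desktop_entry(text):
    """Return key/value pairs from the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def risky_mime_types(text, risky=RISKY_MIME_TYPES):
    """Risky MIME types a .desktop file claims; [] if the entry is Hidden."""
    entry = parse_desktop_entry(text)
    if entry.get("Hidden", "").lower() == "true":
        return []  # Hidden=true: the entry is treated as if it were deleted
    declared = (m.strip() for m in entry.get("MimeType", "").split(";"))
    return sorted(m for m in declared if m in risky)

def audit(directories):
    """Return [(path, risky types, Exec value)] for handlers found on disk."""
    findings = []
    for directory in directories:
        for path in sorted(Path(directory).glob("*.desktop")):
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = risky_mime_types(text)
            if hits:
                findings.append((str(path), hits, parse_desktop_entry(text).get("Exec", "")))
    return findings
```

Call audit() with the application directories in use, for example /usr/share/applications and ~/.local/share/applications; each finding names the file, the executable MIME types it claims and the command that would be run.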


Advisories

No advisories yet.

History

Sun, 24 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Wine MIME handler can execute Windows executables with user privileges, allowing Flatpak/Snap sandbox escape

Sun, 24 May 2026 21:30:00 +0000

Type Values Removed Values Added
Description Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).
First Time appeared Winehq
Winehq wine
Weaknesses CWE-669
CPEs cpe:2.3:a:winehq:wine:*:*:*:*:*:*:*:*
Vendors & Products Winehq
Winehq wine
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/V:D/U:Clear'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-25T03:07:02.395Z

Reserved: 2026-05-24T20:52:35.810Z

Link: CVE-2026-48831

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T23:15:10Z

Weaknesses