UBUNTU-CVE-2026-10037

Source
https://ubuntu.com/security/CVE-2026-10037
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10037.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-10037
Upstream
  • CVE-2026-10037
Downstream
Related
Published
2026-07-08T21:18:56Z
Modified
2026-07-09T03:00:05.985203729Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.

References

Affected packages

Ubuntu:16.04:LTS
openjdk-9

Package

Name
openjdk-9
Purl
pkg:deb/ubuntu/openjdk-9?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other
9~b88-1
9~b101-2ubuntu2
9~b102-1
9~b113-0ubuntu1
9~b114-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openjdk-9-demo",
            "binary_version": "9~b114-0ubuntu1"
        },
        {
            "binary_name": "openjdk-9-jdk",
            "binary_version": "9~b114-0ubuntu1"
        },
        {
            "binary_name": "openjdk-9-jdk-headless",
            "binary_version": "9~b114-0ubuntu1"
        },
        {
            "binary_name": "openjdk-9-jre",
            "binary_version": "9~b114-0ubuntu1"
        },
        {
            "binary_name": "openjdk-9-jre-headless",
            "binary_version": "9~b114-0ubuntu1"
        },
        {
            "binary_name": "openjdk-9-source",
            "binary_version": "9~b114-0ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10037.json"
Ubuntu:20.04:LTS
openjdk-13

Package

Name
openjdk-13
Purl
pkg:deb/ubuntu/openjdk-13?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other
13+33-1
13.*
13.0.1+9-2
13.0.2+8-1
13.0.2+8-2
13.0.3+3-1ubuntu2
13.0.4+8-1~20.04
13.0.7+5-0ubuntu1~20.04

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openjdk-13-demo",
            "binary_version": "13.0.7+5-0ubuntu1~20.04"
        },
        {
            "binary_name": "openjdk-13-jdk",
            "binary_version": "13.0.7+5-0ubuntu1~20.04"
        },
        {
            "binary_name": "openjdk-13-jdk-headless",
            "binary_version": "13.0.7+5-0ubuntu1~20.04"
        },
        {
            "binary_name": "openjdk-13-jre",
            "binary_version": "13.0.7+5-0ubuntu1~20.04"
        },
        {
            "binary_name": "openjdk-13-jre-headless",
            "binary_version": "13.0.7+5-0ubuntu1~20.04"
        },
        {
            "binary_name": "openjdk-13-jre-zero",
            "binary_version": "13.0.7+5-0ubuntu1~20.04"
        },
        {
            "binary_name": "openjdk-13-source",
            "binary_version": "13.0.7+5-0ubuntu1~20.04"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10037.json"
openjdk-16

Package

Name
openjdk-16
Purl
pkg:deb/ubuntu/openjdk-16?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

16.*
16.0.1+9-1~20.04

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openjdk-16-demo",
            "binary_version": "16.0.1+9-1~20.04"
        },
        {
            "binary_name": "openjdk-16-jdk",
            "binary_version": "16.0.1+9-1~20.04"
        },
        {
            "binary_name": "openjdk-16-jdk-headless",
            "binary_version": "16.0.1+9-1~20.04"
        },
        {
            "binary_name": "openjdk-16-jre",
            "binary_version": "16.0.1+9-1~20.04"
        },
        {
            "binary_name": "openjdk-16-jre-headless",
            "binary_version": "16.0.1+9-1~20.04"
        },
        {
            "binary_name": "openjdk-16-jre-zero",
            "binary_version": "16.0.1+9-1~20.04"
        },
        {
            "binary_name": "openjdk-16-source",
            "binary_version": "16.0.1+9-1~20.04"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10037.json"
Ubuntu:22.04:LTS
mailcap

Package

Name
mailcap
Purl
pkg:deb/ubuntu/mailcap?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.70+nmu1ubuntu1.22.04.1

Affected versions

3.*
3.69ubuntu1
3.70ubuntu1
3.70+nmu1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mailcap",
            "binary_version": "3.70+nmu1ubuntu1.22.04.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10037.json"
openjdk-18

Package

Name
openjdk-18
Purl
pkg:deb/ubuntu/openjdk-18?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other
18~15ea-4
18~20ea-1
18~32ea-1
18~36ea-1
18.*
18.0.2+9-2~22.04

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openjdk-18-demo",
            "binary_version": "18.0.2+9-2~22.04"
        },
        {
            "binary_name": "openjdk-18-jdk",
            "binary_version": "18.0.2+9-2~22.04"
        },
        {
            "binary_name": "openjdk-18-jdk-headless",
            "binary_version": "18.0.2+9-2~22.04"
        },
        {
            "binary_name": "openjdk-18-jre",
            "binary_version": "18.0.2+9-2~22.04"
        },
        {
            "binary_name": "openjdk-18-jre-headless",
            "binary_version": "18.0.2+9-2~22.04"
        },
        {
            "binary_name": "openjdk-18-jre-zero",
            "binary_version": "18.0.2+9-2~22.04"
        },
        {
            "binary_name": "openjdk-18-source",
            "binary_version": "18.0.2+9-2~22.04"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10037.json"
Ubuntu:24.04:LTS
mailcap

Package

Name
mailcap
Purl
pkg:deb/ubuntu/mailcap?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.70+nmu1ubuntu1.24.04.1

Affected versions

3.*
3.70+nmu1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mailcap",
            "binary_version": "3.70+nmu1ubuntu1.24.04.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10037.json"
Ubuntu:25.10
mailcap

Package

Name
mailcap
Purl
pkg:deb/ubuntu/mailcap?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.74ubuntu1.1

Affected versions

3.*
3.74ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mailcap",
            "binary_version": "3.74ubuntu1.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10037.json"
Ubuntu:26.04:LTS
mailcap

Package

Name
mailcap
Purl
pkg:deb/ubuntu/mailcap?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.75ubuntu1.1

Affected versions

3.*
3.74ubuntu1
3.75ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mailcap",
            "binary_version": "3.75ubuntu1.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10037.json"