CVE-2026-48831

unknown

Published 2026-05-24 · Modified 2026-05-26

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

7.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:X/U:Clear

VIR risk

—

Description

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2026-48831 NameCVE-2026-48831 DescriptionWine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by…

CVE-2026-48831

Name	CVE-2026-48831
Description	Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
wine (PTS)	bullseye	5.0.3-3	vulnerable
	bookworm	8.0~repack-4	vulnerable
	trixie	10.0~repack-6	vulnerable
	sid	10.0~repack-12	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
wine	source	(unstable)	(unfixed)

Notes

[trixie] - wine <no-dsa> (Minor issue)
[bookworm] - wine <no-dsa> (Minor issue)
https://bugs.winehq.org/show_bug.cgi?id=59767
https://www.openwall.com/lists/oss-security/2026/05/19/1
https://www.openwall.com/lists/oss-security/2026/05/25/1

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

[trixie] - wine <no-dsa> (Minor issue)[bookworm] - wine <no-dsa> (Minor issue)https://bugs.winehq.org/show_bug.cgi?id=59767https://www.openwall.com/lists/oss-security/2026/05/19/1https://www.openwall.com/lists/oss-security/2026/05/25/1

OS impact

Debian Affected 4 releases

Version	Status	Fixed in
trixie	Affected	—
sid	Affected	—
bullseye	Affected	—
bookworm	Affected	—

References

CWEs

CWE-669

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.