VYPR
← All advisories
Unrated severityNVD Advisory· Published May 24, 2026· Updated May 25, 2026

CVE-2026-48831

CVE-2026-48831

Description

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Wine .desktop MIME handler for EXE files can blindly execute them, enabling sandbox escape from Flatpak and Snap.

Vulnerability

Wine ships a .desktop file that registers itself as a MIME handler for Windows executables (EXE, etc.) [1]. In configurations where this handler is used, opening an EXE file causes it to be executed without user awareness of the code execution risk, violating the principle that MIME handlers should not blindly execute code. The issue affects Wine across many versions.

Exploitation

An attacker can exploit this by delivering a malicious EXE file (e.g., via download, email, or shared storage) to a user inside a Flatpak or Snap sandbox that uses Wine as the MIME handler. If the user opens the file (e.g., double-clicks or navigates to it), the EXE is executed outside the sandbox with the user's permissions, escaping containment.

Impact

Successful exploitation allows arbitrary code execution with the user's privileges outside the sandbox. This leads to full sandbox escape, compromising isolation guarantees of Flatpak or Snap. Information disclosure, file modification, or further system compromise may follow.

Mitigation

As of May 2026, no official fix has been released by Wine. The issue is debated, with some arguing that changing behavior would cause severe usability loss [1]. Users may mitigate by removing or modifying the .desktop file, or by not using Wine as a MIME handler for EXE files. No patch is known; the vulnerability is not listed on CISA's KEV as of the publication date.

References
  1. security - On the issue of MIME handlers that execute arbitrary code (e.g. Wine)

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.