Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
Wine registers itself as a handler for Windows executable files
DEBIAN-CVE-2026-48831
Summary
Wine incorrectly handles Windows executable files in some cases, potentially allowing malicious code to escape restricted environments. This is a concern because it could compromise the security of systems that use Wine to run Windows applications. To mitigate this issue, consider using an alternative method to run Windows applications.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | wine | All versions |
| Debian:12 | debian | wine | All versions |
| Debian:13 | debian | wine | All versions |
Original title
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to...
Original description
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).
osv CVSS4.0
8.9
- https://security-tracker.debian.org/tracker/CVE-2026-48831 Vendor Advisory
Published: 24 May 2026 · Updated: 25 May 2026 · First seen: 25 May 2026