Ctrl + K
/ news / CVE
CVEPublished 2026-05-24Modified 2026-05-260 articles on news5 live referencesNVD data

CVE-2026-48831

Vulnerability data via NVD (ingested)

CVSS v3.1
EPSS percentile
Weaknesses (CWE)
CWE-669Incorrect Resource Transfer Between Spheres
Description

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine).

Timeline
Published 2026-05-24
Modified 2026-05-26

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-48831
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-48831
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-48831
Censys host search filtered to this CVE id.
grep.app
CVE-2026-48831
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-48831
GitHub code search for direct mentions.
Google dork
"CVE-2026-48831" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub

No public proof-of-concept repositories found for CVE-2026-48831 on GitHub.
We haven't classified any articles referencing CVE-2026-48831 yet. The external references above still apply.