Ubuntu 18.04 16.04 HtmlUnit Important Remote Code Exec USN-8220-1
ubuntu
May 7, 2026
HtmlUnit could be made to run programs as your login if it opened a malicious website.
Summary
HtmlUnit could be made to run programs as your login if it
opened a malicious website.
Software Description:
- htmlunit: headless web browser written in Java
Details:
It was discovered that HtmlUnit was vulnerable to remote code execution
via XSLT when browsing an attacker-controlled webpage. An attacker could possibly use
this issue to execute arbitrary code in the context of the application using HtmlUnit.
Update Instructions
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
libhtmlunit-java 2.8-3ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libhtmlunit-java 2.8-1ubuntu2.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.References
https://ubuntu.com/security/notices/USN-8220-1
CVE-2023-49093
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8220-1
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!