[USN-8220-1] HtmlUnit vulnerability

========================================================================== Ubuntu Security Notice USN-8220-1 May 05, 2026 htmlunit vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: HtmlUnit could be made to run programs as your login if it opened a malicious website. Software Description: - htmlunit: headless web browser written in Java Details: It was discovered that HtmlUnit was vulnerable to remote code execution via XSLT when browsing an attacker-controlled webpage. An attacker could possibly use this issue to execute arbitrary code in the context of the application using HtmlUnit. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libhtmlunit-java 2.8-3ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libhtmlunit-java 2.8-1ubuntu2.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8220-1 CVE-2023-49093