RHSA-2026:9256
Vulnerability from csaf_redhat - Published: 2026-04-22 15:44 - Updated: 2026-04-22 19:36Summary
Red Hat Security Advisory: OpenJDK 11.0.31 ELS Security Update for Windows Builds
Severity
Important
Notes
Topic: An update is now available for OpenJDK.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 11 (11.0.31) with Extended Lifecycle Support for Windows serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.30) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* JDK: (CVE-2026-22007)
* JDK: (CVE-2026-22016)
* JDK: (CVE-2026-22013)
* JDK: (CVE-2026-22018)
* JDK: (CVE-2026-22021)
* JDK: (CVE-2026-34268)
* JDK: (CVE-2026-34282)
* JDK: (CVE-2026-23865)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
No description is available for this CVE.
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9256
No description is available for this CVE.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9256
No description is available for this CVE.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9256
No description is available for this CVE.
CWE-125 - Out-of-bounds Read
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9256
No description is available for this CVE.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9256
A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or denial of service.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9256
No description is available for this CVE.
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9256
No description is available for this CVE.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9256
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for OpenJDK.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 11 (11.0.31) with Extended Lifecycle Support for Windows serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.30) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* JDK: (CVE-2026-22007)\n* JDK: (CVE-2026-22016)\n* JDK: (CVE-2026-22013)\n* JDK: (CVE-2026-22018)\n* JDK: (CVE-2026-22021)\n* JDK: (CVE-2026-34268)\n* JDK: (CVE-2026-34282)\n* JDK: (CVE-2026-23865)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9256",
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/11/html/release_notes_for_red_hat_build_of_openjdk_11.0.31/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/11/html/release_notes_for_red_hat_build_of_openjdk_11.0.31/index"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9256.json"
}
],
"title": "Red Hat Security Advisory: OpenJDK 11.0.31 ELS Security Update for Windows Builds",
"tracking": {
"current_release_date": "2026-04-22T19:36:04+00:00",
"generator": {
"date": "2026-04-22T19:36:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:9256",
"initial_release_date": "2026-04-22T15:44:44+00:00",
"revision_history": [
{
"date": "2026-04-22T15:44:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-22T15:44:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-22T19:36:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OPENJDK ELS 11.0.31",
"product": {
"name": "OPENJDK ELS 11.0.31",
"product_id": "OPENJDK ELS 11.0.31",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openjdk_els:11"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenJDK"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22007",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460038"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance crypto algorithm support (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22007"
},
{
"category": "external",
"summary": "RHBZ#2460038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22007"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:44+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjdk: OpenJDK: Enhance crypto algorithm support (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22013",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460040"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Improve Kerberos credentialing (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22013"
},
{
"category": "external",
"summary": "RHBZ#2460040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22013",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22013"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:44+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: OpenJDK: Improve Kerberos credentialing (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22016",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460039"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance Path Factories Redux (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22016"
},
{
"category": "external",
"summary": "RHBZ#2460039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22016",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22016"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:44+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: OpenJDK: Enhance Path Factories Redux (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22018",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460041"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance Zip file reading (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22018"
},
{
"category": "external",
"summary": "RHBZ#2460041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22018"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:44+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjdk: OpenJDK: Enhance Zip file reading (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22021",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460042"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance certificate chain validation (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22021"
},
{
"category": "external",
"summary": "RHBZ#2460042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22021"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:44+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: OpenJDK: Enhance certificate chain validation (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-23865",
"discovery_date": "2026-03-02T17:01:54.514540+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Freetype: Freetype: Information disclosure or denial of service via specially crafted font files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a MODERATE impact vulnerability. An integer overflow in the Freetype library can lead to an out-of-bounds read when processing specially crafted OpenType variable fonts. Exploitation requires user interaction, such as opening a malicious font file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23865"
},
{
"category": "external",
"summary": "RHBZ#2443891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23865"
},
{
"category": "external",
"summary": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c",
"url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"
},
{
"category": "external",
"summary": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/",
"url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/"
},
{
"category": "external",
"summary": "https://www.facebook.com/security/advisories/cve-2026-23865",
"url": "https://www.facebook.com/security/advisories/cve-2026-23865"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-03-02T16:09:42.079000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:44+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Freetype: Freetype: Information disclosure or denial of service via specially crafted font files"
},
{
"cve": "CVE-2026-34268",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460043"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance key generation (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34268"
},
{
"category": "external",
"summary": "RHBZ#2460043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34268",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34268"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:44+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjdk: OpenJDK: Enhance key generation (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-34282",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460044"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance TLS connection handling (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34282"
},
{
"category": "external",
"summary": "RHBZ#2460044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34282"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:44+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: OpenJDK: Enhance TLS connection handling (Oracle CPU 2026-04)"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…