Vulnerability-Lookup

WID-SEC-W-2026-1201

Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-05-20 22:00

Summary

Oracle Java SE: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2026-20652

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-22003

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-22007

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-22008

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-22013

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-22016

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-22018

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-22021

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-23865

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-34268

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

CVE-2026-34282

Affected products

Known affected 32 products

Product	Identifier	Version
RealObjects PDFreactor <12.6.0 RealObjects / PDFreactor		<12.6.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle GraalVM for JDK 21.0.10 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.0.10::for_jdk`	for JDK 21.0.10
Oracle Java SE 25.0.2 Oracle / Java SE	`cpe:/a:oracle:java_se:25.0.2`	25.0.2
Oracle Java SE 17.0.18 Oracle / Java SE	`cpe:/a:oracle:java_se:17.0.18`	17.0.18
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
Oracle Java SE 21.0.10 Oracle / Java SE	`cpe:/a:oracle:java_se:21.0.10`	21.0.10
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Java SE 11.0.30 Oracle / Java SE	`cpe:/a:oracle:java_se:11.0.30`	11.0.30
IBM InfoSphere Information Server IBM	`cpe:/a:ibm:infosphere_information_server:-`	—
IBM Java 8.0.0.0-8.0.8.60 IBM / Java	`cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60`	8.0.0.0-8.0.8.60
IBM WebSphere Application Server IBM	`cpe:/a:ibm:websphere_application_server:-`	—
IBM Rational Software Architect IBM	`cpe:/a:ibm:rational_software_architect:-`	—
IBM Semeru Runtime IBM	`cpe:/a:ibm:semeru_runtime:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Java SE 8u481 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481`	8u481
Oracle Java SE 8u481-b50 Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-b50`	8u481-b50
IBM Java 7.1.0.0-7.1.5.29 IBM / Java	`cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29`	7.1.0.0-7.1.5.29
Oracle GraalVM Enterprise Edition 21.3.17 Oracle / GraalVM	`cpe:/a:oracle:graalvm:21.3.17::enterprise_edition`	Enterprise Edition 21.3.17
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Oracle GraalVM for JDK 17.0.18 Oracle / GraalVM	`cpe:/a:oracle:graalvm:17.0.18::for_jdk`	for JDK 17.0.18
Oracle Java SE 8u481-perf Oracle / Java SE	`cpe:/a:oracle:java_se:8u481-perf`	8u481-perf
Oracle Java SE 26 Oracle / Java SE	`cpe:/a:oracle:java_se:26`	26
Azul Zulu Azul	`cpe:/a:azul:zulu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Open Source OpenJDK Open Source	`cpe:/a:oracle:openjdk:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
IBM Tivoli Netcool/OMNIbus IBM	`cpe:/a:ibm:tivoli_netcool%2fomnibus:-`	—
IBM Content Manager 8.7 IBM / Content Manager	`cpe:/a:ibm:content_manager:8.7`	8.7

References

71 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2026…	external
https://docs.azul.com/core/release-notes	external
https://openjdk.org/groups/vulnerability/advisori…	external
https://access.redhat.com/errata/RHSA-2026:9254	external
https://access.redhat.com/errata/RHSA-2026:9693	external
https://access.redhat.com/errata/RHSA-2026:9682	external
https://access.redhat.com/errata/RHSA-2026:9256	external
https://access.redhat.com/errata/RHSA-2026:9255	external
https://access.redhat.com/errata/RHSA-2026:7286	external
https://access.redhat.com/errata/RHSA-2026:9685	external
https://access.redhat.com/errata/RHSA-2026:9691	external
https://access.redhat.com/errata/RHSA-2026:9694	external
https://access.redhat.com/errata/RHSA-2026:9690	external
https://linux.oracle.com/errata/ELSA-2026-9693.html	external
https://access.redhat.com/errata/RHSA-2026:9688	external
https://access.redhat.com/errata/RHSA-2026:9687	external
https://access.redhat.com/errata/RHSA-2026:9684	external
https://access.redhat.com/errata/RHSA-2026:9686	external
https://www.ibm.com/support/pages/node/7270697	external
https://linux.oracle.com/errata/ELSA-2026-9686.html	external
https://access.redhat.com/errata/RHSA-2026:9683	external
https://access.redhat.com/errata/RHSA-2026:9689	external
https://linux.oracle.com/errata/ELSA-2026-9683.html	external
https://errata.build.resf.org/RLSA-2026:9689	external
https://www.ibm.com/support/pages/node/7270877	external
https://linux.oracle.com/errata/ELSA-2026-9689.html	external
https://security-tracker.debian.org/tracker/DSA-6231-1	external
https://access.redhat.com/errata/RHSA-2026:11329	external
https://access.redhat.com/errata/RHSA-2026:11403	external
https://lists.debian.org/debian-security-announce…	external
https://security.netapp.com/advisory/NTAP-20260429-0012	external
https://access.redhat.com/errata/RHSA-2026:11655	external
https://lists.opensuse.org/archives/list/security…	external
https://access.redhat.com/errata/RHSA-2026:11902	external
https://access.redhat.com/errata/RHSA-2026:11829	external
https://access.redhat.com/errata/RHSA-2026:11822	external
https://access.redhat.com/errata/RHSA-2026:11822	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://access.redhat.com/errata/RHSA-2026:14391	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:14659	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7272269	external
https://www.ibm.com/support/pages/node/7272299	external
https://www.ibm.com/support/pages/node/7272328	external
https://www.ibm.com/support/pages/node/7272397	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3299.html	external
https://lists.opensuse.org/archives/list/security…	external
https://alas.aws.amazon.com/AL2/ALAS2CORRETTO8-20…	external
https://lists.opensuse.org/archives/list/security…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3300.html	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://www.ibm.com/support/pages/node/7272669	external
https://access.redhat.com/errata/RHSA-2026:16695	external
https://www.pdfreactor.com/product/changelog.htm	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7273339	external
https://www.ibm.com/support/pages/node/7273547	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1201 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1201.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1201 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1201"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2026 - Appendix Oracle Java SE vom 2026-04-21",
        "url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
      },
      {
        "category": "external",
        "summary": "Azul Zulu builds of OpenJDK April 2026 Quarterly Update vom 2026-04-21",
        "url": "https://docs.azul.com/core/release-notes"
      },
      {
        "category": "external",
        "summary": "OpenJDK Vulnerability Advisory: 2026/04/21",
        "url": "https://openjdk.org/groups/vulnerability/advisories/2026-04-21"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9254 vom 2026-04-22",
        "url": "https://access.redhat.com/errata/RHSA-2026:9254"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9693 vom 2026-04-22",
        "url": "https://access.redhat.com/errata/RHSA-2026:9693"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9682 vom 2026-04-22",
        "url": "https://access.redhat.com/errata/RHSA-2026:9682"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9256 vom 2026-04-22",
        "url": "https://access.redhat.com/errata/RHSA-2026:9256"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9255 vom 2026-04-22",
        "url": "https://access.redhat.com/errata/RHSA-2026:9255"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7286 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:7286"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9685 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:9685"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9691 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:9691"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9694 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:9694"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9690 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:9690"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-9693 vom 2026-04-23",
        "url": "https://linux.oracle.com/errata/ELSA-2026-9693.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9688 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:9688"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9687 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:9687"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9684 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:9684"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9686 vom 2026-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2026:9686"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7270697 vom 2026-04-24",
        "url": "https://www.ibm.com/support/pages/node/7270697"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-9686 vom 2026-04-24",
        "url": "https://linux.oracle.com/errata/ELSA-2026-9686.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9683 vom 2026-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2026:9683"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9689 vom 2026-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2026:9689"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-9683 vom 2026-04-27",
        "url": "https://linux.oracle.com/errata/ELSA-2026-9683.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:9689 vom 2026-04-28",
        "url": "https://errata.build.resf.org/RLSA-2026:9689"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7270877 vom 2026-04-27",
        "url": "https://www.ibm.com/support/pages/node/7270877"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-9689 vom 2026-04-28",
        "url": "https://linux.oracle.com/errata/ELSA-2026-9689.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6231 vom 2026-04-28",
        "url": "https://security-tracker.debian.org/tracker/DSA-6231-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11329 vom 2026-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:11329"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11403 vom 2026-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:11403"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6237 vom 2026-04-29",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00147.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20260429-0012 vom 2026-04-29",
        "url": "https://security.netapp.com/advisory/NTAP-20260429-0012"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11655 vom 2026-04-29",
        "url": "https://access.redhat.com/errata/RHSA-2026:11655"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10639-1 vom 2026-04-30",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W2Y645E54E6XFIST2UBUB4OLOXHMIOLS/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11902 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:11902"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11829 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:11829"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11822 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:11822"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11822 vom 2026-05-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:11822"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10656-1 vom 2026-05-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JTBQPRECSOLUZMDIPNPEKSCKSOKTSRBX/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6246 vom 2026-05-04",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00157.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1705-1 vom 2026-05-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025854.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4566 vom 2026-05-06",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00010.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14391 vom 2026-05-07",
        "url": "https://access.redhat.com/errata/RHSA-2026:14391"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4565 vom 2026-05-06",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00009.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1703-1 vom 2026-05-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025856.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14659 vom 2026-05-07",
        "url": "https://access.redhat.com/errata/RHSA-2026:14659"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1704-1 vom 2026-05-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025855.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7272269 vom 2026-05-07",
        "url": "https://www.ibm.com/support/pages/node/7272269"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7272299 vom 2026-05-07",
        "url": "https://www.ibm.com/support/pages/node/7272299"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7272328 vom 2026-05-07",
        "url": "https://www.ibm.com/support/pages/node/7272328"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7272397 vom 2026-05-08",
        "url": "https://www.ibm.com/support/pages/node/7272397"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1731-1 vom 2026-05-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025933.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1732-1 vom 2026-05-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025932.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10727-1 vom 2026-05-10",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KTLULMCU2QOCFHMKGKXBCTCRU44HEPXF/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3299 vom 2026-05-09",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3299.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10725-1 vom 2026-05-10",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2M4F7ZTRQTCAO3T4RSWQHVO3A62HCU4W/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2CORRETTO8-2026-023 vom 2026-05-09",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2CORRETTO8-2026-023.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10726-1 vom 2026-05-10",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JZADYTZHBW5JHFOOY3QKVO2SFZF2FEKA/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3300 vom 2026-05-09",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3300.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10724-1 vom 2026-05-10",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OCLXKR3SVJPA3J5GS6J5JU5HALZFEOHT/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21543-1 vom 2026-05-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025976.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21552-1 vom 2026-05-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025969.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21551-1 vom 2026-05-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025970.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10728-1 vom 2026-05-11",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FBGPJAGCNO5HCFTOMNSHIAOXRUYUABBO/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7272669 vom 2026-05-12",
        "url": "https://www.ibm.com/support/pages/node/7272669"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:16695 vom 2026-05-13",
        "url": "https://access.redhat.com/errata/RHSA-2026:16695"
      },
      {
        "category": "external",
        "summary": "PDFreactor 12.6.0 Changelog vom 2026-05-13",
        "url": "https://www.pdfreactor.com/product/changelog.htm"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1955-1 vom 2026-05-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026100.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7273339 vom 2026-05-19",
        "url": "https://www.ibm.com/support/pages/node/7273339"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7273547 vom 2026-05-20",
        "url": "https://www.ibm.com/support/pages/node/7273547"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Java SE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-21T07:57:21.164+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1201",
      "initial_release_date": "2026-04-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-22T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-04-26T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2026-04-27T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux, Rocky Enterprise Software Foundation, IBM und Debian aufgenommen"
        },
        {
          "date": "2026-04-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian, NetApp und Red Hat aufgenommen"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von openSUSE, Red Hat und Debian aufgenommen"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE, Debian und Red Hat aufgenommen"
        },
        {
          "date": "2026-05-07T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von IBM und SUSE aufgenommen"
        },
        {
          "date": "2026-05-10T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von openSUSE und Amazon aufgenommen"
        },
        {
          "date": "2026-05-11T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-05-12T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-05-18T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "17"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Azul Zulu",
            "product": {
              "name": "Azul Zulu",
              "product_id": "T036273",
              "product_identification_helper": {
                "cpe": "cpe:/a:azul:zulu:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Azul"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM App Connect Enterprise",
            "product": {
              "name": "IBM App Connect Enterprise",
              "product_id": "T051349",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T053688",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.7",
                "product": {
                  "name": "IBM Content Manager 8.7",
                  "product_id": "T025981",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:content_manager:8.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Content Manager"
          },
          {
            "category": "product_name",
            "name": "IBM InfoSphere Information Server",
            "product": {
              "name": "IBM InfoSphere Information Server",
              "product_id": "T019995",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:infosphere_information_server:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.1.0.0-7.1.5.29",
                "product": {
                  "name": "IBM Java 7.1.0.0-7.1.5.29",
                  "product_id": "T053317",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:jre:7.1.0.0_-_7.1.5.29"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0.0-8.0.8.60",
                "product": {
                  "name": "IBM Java 8.0.0.0-8.0.8.60",
                  "product_id": "T053318",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:jre:8.0.0.0_-_8.0.8.60"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java"
          },
          {
            "category": "product_name",
            "name": "IBM Rational Software Architect",
            "product": {
              "name": "IBM Rational Software Architect",
              "product_id": "T005181",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_software_architect:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Semeru Runtime",
            "product": {
              "name": "IBM Semeru Runtime",
              "product_id": "T048255",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:semeru_runtime:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Netcool/OMNIbus",
            "product": {
              "name": "IBM Tivoli Netcool/OMNIbus",
              "product_id": "T004181",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM WebSphere Application Server",
            "product": {
              "name": "IBM WebSphere Application Server",
              "product_id": "T000377",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:websphere_application_server:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp ActiveIQ Unified Manager",
            "product": {
              "name": "NetApp ActiveIQ Unified Manager",
              "product_id": "T034125",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source OpenJDK",
            "product": {
              "name": "Open Source OpenJDK",
              "product_id": "580789",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:openjdk:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Enterprise Edition 21.3.17",
                "product": {
                  "name": "Oracle GraalVM Enterprise Edition 21.3.17",
                  "product_id": "T053158",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:21.3.17::enterprise_edition"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for JDK 17.0.18",
                "product": {
                  "name": "Oracle GraalVM for JDK 17.0.18",
                  "product_id": "T053159",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:17.0.18::for_jdk"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for JDK 21.0.10",
                "product": {
                  "name": "Oracle GraalVM for JDK 21.0.10",
                  "product_id": "T053160",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:21.0.10::for_jdk"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GraalVM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.0.30",
                "product": {
                  "name": "Oracle Java SE 11.0.30",
                  "product_id": "T053104",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:11.0.30"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.0.18",
                "product": {
                  "name": "Oracle Java SE 17.0.18",
                  "product_id": "T053105",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:17.0.18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.10",
                "product": {
                  "name": "Oracle Java SE 21.0.10",
                  "product_id": "T053106",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:21.0.10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.0.2",
                "product": {
                  "name": "Oracle Java SE 25.0.2",
                  "product_id": "T053107",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:25.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u481",
                "product": {
                  "name": "Oracle Java SE 8u481",
                  "product_id": "T053154",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u481"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u481-b50",
                "product": {
                  "name": "Oracle Java SE 8u481-b50",
                  "product_id": "T053155",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u481-b50"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u481-perf",
                "product": {
                  "name": "Oracle Java SE 8u481-perf",
                  "product_id": "T053156",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u481-perf"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "26",
                "product": {
                  "name": "Oracle Java SE 26",
                  "product_id": "T053157",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:26"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE"
          },
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.6.0",
                "product": {
                  "name": "RealObjects PDFreactor \u003c12.6.0",
                  "product_id": "T054153"
                }
              },
              {
                "category": "product_version",
                "name": "12.6.0",
                "product": {
                  "name": "RealObjects PDFreactor 12.6.0",
                  "product_id": "T054153-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:realobjects:pdfreactor:12.6.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PDFreactor"
          }
        ],
        "category": "vendor",
        "name": "RealObjects"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-20652",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-20652"
    },
    {
      "cve": "CVE-2026-22003",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-22003"
    },
    {
      "cve": "CVE-2026-22007",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-22007"
    },
    {
      "cve": "CVE-2026-22008",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-22008"
    },
    {
      "cve": "CVE-2026-22013",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-22013"
    },
    {
      "cve": "CVE-2026-22016",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-22016"
    },
    {
      "cve": "CVE-2026-22018",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-22018"
    },
    {
      "cve": "CVE-2026-22021",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-22021"
    },
    {
      "cve": "CVE-2026-23865",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-23865"
    },
    {
      "cve": "CVE-2026-34268",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-34268"
    },
    {
      "cve": "CVE-2026-34282",
      "product_status": {
        "known_affected": [
          "T054153",
          "67646",
          "T053160",
          "T053107",
          "T053105",
          "T053688",
          "T053106",
          "T004914",
          "T034125",
          "T053104",
          "T019995",
          "T053318",
          "T000377",
          "T005181",
          "T048255",
          "398363",
          "T053154",
          "T053155",
          "T053317",
          "T053158",
          "T032255",
          "T053159",
          "T053156",
          "T053157",
          "T036273",
          "2951",
          "T002207",
          "T051349",
          "580789",
          "T027843",
          "T004181",
          "T025981"
        ]
      },
      "release_date": "2026-04-21T22:00:00.000+00:00",
      "title": "CVE-2026-34282"
    }
  ]
}

CVE-2026-20652 (GCVE-0-2026-20652)

Vulnerability from cvelistv5 – Published: 2026-02-11 22:59 – Updated: 2026-04-02 18:26

Summary

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

A remote attacker may be able to cause a denial-of-service

Assigner

apple

References

5 references

URL	Tags
https://support.apple.com/en-us/126346
https://support.apple.com/en-us/126347
https://support.apple.com/en-us/126348
https://support.apple.com/en-us/126353
https://support.apple.com/en-us/126354

Impacted products

4 products

Vendor	Product	Version
Apple	Safari	Affected: 0 , < 26.3 (custom)
Apple	iOS and iPadOS	Affected: 0 , < 18.7.5 (custom) Affected: 0 , < 26.3 (custom)
Apple	macOS	Affected: 0 , < 26.3 (custom)
Apple	visionOS	Affected: 0 , < 26.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-20652",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T19:30:51.349079Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T19:31:21.723Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.7.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A remote attacker may be able to cause a denial-of-service",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:26:31.460Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/126346"
        },
        {
          "url": "https://support.apple.com/en-us/126347"
        },
        {
          "url": "https://support.apple.com/en-us/126348"
        },
        {
          "url": "https://support.apple.com/en-us/126353"
        },
        {
          "url": "https://support.apple.com/en-us/126354"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2026-20652",
    "datePublished": "2026-02-11T22:59:04.639Z",
    "dateReserved": "2025-11-11T14:43:07.864Z",
    "dateUpdated": "2026-04-02T18:26:31.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22003 (GCVE-0-2026-22003)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:10

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u481 and 8u481-b50; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 6.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H).

Severity

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H

CWE

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u481 Affected: 8u481-b50
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:09:59.127059Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:10:38.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u481"
            },
            {
              "status": "affected",
              "version": "8u481-b50"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.17"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u481",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u481 and  8u481-b50; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 6.0 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:02.518Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22003",
    "datePublished": "2026-04-21T20:35:02.518Z",
    "dateReserved": "2026-01-05T18:07:34.725Z",
    "dateUpdated": "2026-04-22T14:10:38.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22007 (GCVE-0-2026-22007)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:05

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Severity

2.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u481 Affected: 8u481-b50 Affected: 8u481-perf Affected: 11.0.30 Affected: 17.0.18 Affected: 21.0.10 Affected: 25.0.2 Affected: 26
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.18 Affected: 21.0.10
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:05:16.229810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:05:28.424Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u481"
            },
            {
              "status": "affected",
              "version": "8u481-b50"
            },
            {
              "status": "affected",
              "version": "8u481-perf"
            },
            {
              "status": "affected",
              "version": "11.0.30"
            },
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            },
            {
              "status": "affected",
              "version": "25.0.2"
            },
            {
              "status": "affected",
              "version": "26"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.17"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u481",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.30:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.2:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:26:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:04.885Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22007",
    "datePublished": "2026-04-21T20:35:04.885Z",
    "dateReserved": "2026-01-05T18:07:34.726Z",
    "dateUpdated": "2026-04-22T14:05:28.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22008 (GCVE-0-2026-22008)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:06

Summary

Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 25.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:05:38.294631Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-250",
                "description": "CWE-250 Execution with Unnecessary Privileges",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:06:09.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "25.0.1"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in Oracle Java SE (component: Libraries).   The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:05.513Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22008",
    "datePublished": "2026-04-21T20:35:05.513Z",
    "dateReserved": "2026-01-05T18:07:34.726Z",
    "dateUpdated": "2026-04-22T14:06:09.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22013 (GCVE-0-2026-22013)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:09

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u481 Affected: 8u481-b50 Affected: 8u481-perf Affected: 11.0.30 Affected: 17.0.18 Affected: 21.0.10 Affected: 25.0.2 Affected: 26
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.18 Affected: 21.0.10
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:09:34.920958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:09:54.302Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u481"
            },
            {
              "status": "affected",
              "version": "8u481-b50"
            },
            {
              "status": "affected",
              "version": "8u481-perf"
            },
            {
              "status": "affected",
              "version": "11.0.30"
            },
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            },
            {
              "status": "affected",
              "version": "25.0.2"
            },
            {
              "status": "affected",
              "version": "26"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.17"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u481",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.30:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.2:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:26:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:08.836Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22013",
    "datePublished": "2026-04-21T20:35:08.836Z",
    "dateReserved": "2026-01-05T18:07:34.727Z",
    "dateUpdated": "2026-04-22T14:09:54.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22016 (GCVE-0-2026-22016)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:12

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u481 Affected: 8u481-b50 Affected: 8u481-perf Affected: 11.0.30 Affected: 17.0.18 Affected: 21.0.10 Affected: 25.0.2 Affected: 26
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.18 Affected: 21.0.10
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22016",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:11:15.674948Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:12:01.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u481"
            },
            {
              "status": "affected",
              "version": "8u481-b50"
            },
            {
              "status": "affected",
              "version": "8u481-perf"
            },
            {
              "status": "affected",
              "version": "11.0.30"
            },
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            },
            {
              "status": "affected",
              "version": "25.0.2"
            },
            {
              "status": "affected",
              "version": "26"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.17"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u481",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.30:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.2:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:26:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:10.242Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22016",
    "datePublished": "2026-04-21T20:35:10.242Z",
    "dateReserved": "2026-01-05T18:07:34.728Z",
    "dateUpdated": "2026-04-22T14:12:01.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22018 (GCVE-0-2026-22018)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:06

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u481 Affected: 8u481-b50 Affected: 8u481-perf Affected: 11.0.30 Affected: 17.0.18 Affected: 21.0.10 Affected: 25.0.2 Affected: 26
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.18 Affected: 21.0.10
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:05:52.390108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:06:10.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u481"
            },
            {
              "status": "affected",
              "version": "8u481-b50"
            },
            {
              "status": "affected",
              "version": "8u481-perf"
            },
            {
              "status": "affected",
              "version": "11.0.30"
            },
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            },
            {
              "status": "affected",
              "version": "25.0.2"
            },
            {
              "status": "affected",
              "version": "26"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.17"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u481",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.30:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.2:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:26:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:11.445Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22018",
    "datePublished": "2026-04-21T20:35:11.445Z",
    "dateReserved": "2026-01-05T18:07:34.728Z",
    "dateUpdated": "2026-04-22T14:06:10.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22021 (GCVE-0-2026-22021)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 13:58

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u481 Affected: 8u481-b50 Affected: 8u481-perf Affected: 11.0.30 Affected: 17.0.18 Affected: 21.0.10 Affected: 25.0.2 Affected: 26
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.18 Affected: 21.0.10
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22021",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T13:58:16.461640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T13:58:23.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u481"
            },
            {
              "status": "affected",
              "version": "8u481-b50"
            },
            {
              "status": "affected",
              "version": "8u481-perf"
            },
            {
              "status": "affected",
              "version": "11.0.30"
            },
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            },
            {
              "status": "affected",
              "version": "25.0.2"
            },
            {
              "status": "affected",
              "version": "26"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.17"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u481",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.30:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.2:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:26:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:12.845Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22021",
    "datePublished": "2026-04-21T20:35:12.845Z",
    "dateReserved": "2026-01-05T18:07:34.731Z",
    "dateUpdated": "2026-04-22T13:58:23.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23865 (GCVE-0-2026-23865)

Vulnerability from cvelistv5 – Published: 2026-03-02 16:09 – Updated: 2026-03-04 00:16

Summary

An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

CWE

CWE-125 - Out of Bounds Read

Assigner

URL	Tags
https://www.facebook.com/security/advisories/cve-…	x_refsource_CONFIRM
https://gitlab.com/freetype/freetype/-/commit/fc8…	x_refsource_CONFIRM
https://sourceforge.net/projects/freetype/files/f…	x_refsource_CONFIRM

Vendor	Product	Version
FreeType	FreeType	Affected: 2.13.2 , ≤ 2.13.3 (semver) Affected: 2.14.0 , ≤ 2.14.1 (semver)

CVE-2026-34268 (GCVE-0-2026-34268)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 13:55

Summary

Severity

2.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

3 products

Vendor	Product	Version
Oracle Corporation	Oracle Java SE	Affected: 8u481 Affected: 8u481-b50 Affected: 8u481-perf Affected: 11.0.30 Affected: 17.0.18 Affected: 21.0.10 Affected: 25.0.2 Affected: 26
Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.18 Affected: 21.0.10
Oracle Corporation	Oracle GraalVM Enterprise Edition	Affected: 21.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34268",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T13:55:07.407266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T13:55:11.210Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u481"
            },
            {
              "status": "affected",
              "version": "8u481-b50"
            },
            {
              "status": "affected",
              "version": "8u481-perf"
            },
            {
              "status": "affected",
              "version": "11.0.30"
            },
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            },
            {
              "status": "affected",
              "version": "25.0.2"
            },
            {
              "status": "affected",
              "version": "26"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.17"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u481",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.30:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.2:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:26:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:14.204Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-34268",
    "datePublished": "2026-04-21T20:35:14.204Z",
    "dateReserved": "2026-03-26T19:48:45.674Z",
    "dateUpdated": "2026-04-22T13:55:11.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1201

CVE-2026-20652 (GCVE-0-2026-20652)

CVE-2026-22003 (GCVE-0-2026-22003)

CVE-2026-22007 (GCVE-0-2026-22007)

CVE-2026-22008 (GCVE-0-2026-22008)

CVE-2026-22013 (GCVE-0-2026-22013)

CVE-2026-22016 (GCVE-0-2026-22016)

CVE-2026-22018 (GCVE-0-2026-22018)

CVE-2026-22021 (GCVE-0-2026-22021)

CVE-2026-23865 (GCVE-0-2026-23865)

CVE-2026-34268 (GCVE-0-2026-34268)

Tags

Sightings

Nomenclature