CVE-2026-22016
Description
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Affected products
174cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*+ 3 more
- cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*
- (no CPE)range: 17.0.18, 21.0.10
cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:17.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:-:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:*:*:-:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:enterprise_performance_pack:*:*:*
- cpe:2.3:a:oracle:jdk:21.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:25.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:17.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:-:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update481_b50:*:*:-:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:enterprise_performance_pack:*:*:*
- cpe:2.3:a:oracle:jre:21.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:25.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:26:*:*:*:*:*:*:*
- Range: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26
- Range: 21.3.17
- osv-coords152 versionspkg:apk/chainguard/openjdk-11-openj9pkg:apk/chainguard/openjdk-11-openj9-dbgpkg:apk/chainguard/openjdk-11-openj9-default-jdkpkg:apk/chainguard/openjdk-11-openj9-default-jvmpkg:apk/chainguard/openjdk-11-openj9-docpkg:apk/chainguard/openjdk-11-openj9-jmodspkg:apk/chainguard/openjdk-11-openj9-jrepkg:apk/chainguard/openjdk-17-openj9pkg:apk/chainguard/openjdk-17-openj9-dbgpkg:apk/chainguard/openjdk-17-openj9-default-jdkpkg:apk/chainguard/openjdk-17-openj9-default-jvmpkg:apk/chainguard/openjdk-17-openj9-docpkg:apk/chainguard/openjdk-17-openj9-jmodspkg:apk/chainguard/openjdk-17-openj9-jrepkg:apk/chainguard/openjdk-21pkg:apk/chainguard/openjdk-21-openj9pkg:apk/chainguard/openjdk-21-openj9-dbgpkg:apk/chainguard/openjdk-21-openj9-default-jdkpkg:apk/chainguard/openjdk-21-openj9-default-jvmpkg:apk/chainguard/openjdk-21-openj9-docpkg:apk/chainguard/openjdk-21-openj9-jmodspkg:apk/chainguard/openjdk-21-openj9-jrepkg:apk/chainguard/openjdk-25-openj9pkg:apk/chainguard/openjdk-25-openj9-dbgpkg:apk/chainguard/openjdk-25-openj9-default-jdkpkg:apk/chainguard/openjdk-25-openj9-default-jvmpkg:apk/chainguard/openjdk-25-openj9-jmodspkg:apk/chainguard/openjdk-25-openj9-jrepkg:apk/chainguard/openjdk-26pkg:apk/chainguard/openjdk-26-openj9pkg:apk/chainguard/openjdk-26-openj9-dbgpkg:apk/chainguard/openjdk-26-openj9-default-jdkpkg:apk/chainguard/openjdk-26-openj9-default-jvmpkg:apk/chainguard/openjdk-26-openj9-jmodspkg:apk/chainguard/openjdk-26-openj9-jrepkg:apk/chainguard/openjdk-8-openj9pkg:apk/chainguard/openjdk-8-openj9-dbgpkg:apk/chainguard/openjdk-8-openj9-default-jdkpkg:apk/chainguard/openjdk-8-openj9-default-jvmpkg:apk/chainguard/openjdk-8-openj9-docpkg:apk/chainguard/openjdk-8-openj9-jrepkg:apk/wolfi/openjdk-21pkg:apk/wolfi/openjdk-26pkg:bitnami/javapkg:bitnami/java-minpkg:bitnami/jrepkg:rpm/almalinux/java-17-openjdkpkg:rpm/almalinux/java-17-openjdk-demopkg:rpm/almalinux/java-17-openjdk-demo-fastdebugpkg:rpm/almalinux/java-17-openjdk-demo-slowdebugpkg:rpm/almalinux/java-17-openjdk-develpkg:rpm/almalinux/java-17-openjdk-devel-fastdebugpkg:rpm/almalinux/java-17-openjdk-devel-slowdebugpkg:rpm/almalinux/java-17-openjdk-fastdebugpkg:rpm/almalinux/java-17-openjdk-headlesspkg:rpm/almalinux/java-17-openjdk-headless-fastdebugpkg:rpm/almalinux/java-17-openjdk-headless-slowdebugpkg:rpm/almalinux/java-17-openjdk-javadocpkg:rpm/almalinux/java-17-openjdk-javadoc-zippkg:rpm/almalinux/java-17-openjdk-jmodspkg:rpm/almalinux/java-17-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-17-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-17-openjdk-slowdebugpkg:rpm/almalinux/java-17-openjdk-srcpkg:rpm/almalinux/java-17-openjdk-src-fastdebugpkg:rpm/almalinux/java-17-openjdk-src-slowdebugpkg:rpm/almalinux/java-17-openjdk-static-libspkg:rpm/almalinux/java-17-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-17-openjdk-static-libs-slowdebugpkg:rpm/almalinux/java-1.8.0-openjdkpkg:rpm/almalinux/java-1.8.0-openjdk-accessibilitypkg:rpm/almalinux/java-1.8.0-openjdk-accessibility-fastdebugpkg:rpm/almalinux/java-1.8.0-openjdk-accessibility-slowdebugpkg:rpm/almalinux/java-1.8.0-openjdk-demopkg:rpm/almalinux/java-1.8.0-openjdk-demo-fastdebugpkg:rpm/almalinux/java-1.8.0-openjdk-demo-slowdebugpkg:rpm/almalinux/java-1.8.0-openjdk-develpkg:rpm/almalinux/java-1.8.0-openjdk-devel-fastdebugpkg:rpm/almalinux/java-1.8.0-openjdk-devel-slowdebugpkg:rpm/almalinux/java-1.8.0-openjdk-fastdebugpkg:rpm/almalinux/java-1.8.0-openjdk-headlesspkg:rpm/almalinux/java-1.8.0-openjdk-headless-fastdebugpkg:rpm/almalinux/java-1.8.0-openjdk-headless-slowdebugpkg:rpm/almalinux/java-1.8.0-openjdk-javadocpkg:rpm/almalinux/java-1.8.0-openjdk-javadoc-zippkg:rpm/almalinux/java-1.8.0-openjdk-slowdebugpkg:rpm/almalinux/java-1.8.0-openjdk-srcpkg:rpm/almalinux/java-1.8.0-openjdk-src-fastdebugpkg:rpm/almalinux/java-1.8.0-openjdk-src-slowdebugpkg:rpm/almalinux/java-21-openjdkpkg:rpm/almalinux/java-21-openjdk-demopkg:rpm/almalinux/java-21-openjdk-demo-fastdebugpkg:rpm/almalinux/java-21-openjdk-demo-slowdebugpkg:rpm/almalinux/java-21-openjdk-develpkg:rpm/almalinux/java-21-openjdk-devel-fastdebugpkg:rpm/almalinux/java-21-openjdk-devel-slowdebugpkg:rpm/almalinux/java-21-openjdk-fastdebugpkg:rpm/almalinux/java-21-openjdk-headlesspkg:rpm/almalinux/java-21-openjdk-headless-fastdebugpkg:rpm/almalinux/java-21-openjdk-headless-slowdebugpkg:rpm/almalinux/java-21-openjdk-javadocpkg:rpm/almalinux/java-21-openjdk-javadoc-zippkg:rpm/almalinux/java-21-openjdk-jmodspkg:rpm/almalinux/java-21-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-21-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-21-openjdk-slowdebugpkg:rpm/almalinux/java-21-openjdk-srcpkg:rpm/almalinux/java-21-openjdk-src-fastdebugpkg:rpm/almalinux/java-21-openjdk-src-slowdebugpkg:rpm/almalinux/java-21-openjdk-static-libspkg:rpm/almalinux/java-21-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-21-openjdk-static-libs-slowdebugpkg:rpm/almalinux/java-25-openjdkpkg:rpm/almalinux/java-25-openjdk-crypto-adapterpkg:rpm/almalinux/java-25-openjdk-crypto-adapter-fastdebugpkg:rpm/almalinux/java-25-openjdk-crypto-adapter-slowdebugpkg:rpm/almalinux/java-25-openjdk-demopkg:rpm/almalinux/java-25-openjdk-demo-fastdebugpkg:rpm/almalinux/java-25-openjdk-demo-slowdebugpkg:rpm/almalinux/java-25-openjdk-develpkg:rpm/almalinux/java-25-openjdk-devel-fastdebugpkg:rpm/almalinux/java-25-openjdk-devel-slowdebugpkg:rpm/almalinux/java-25-openjdk-fastdebugpkg:rpm/almalinux/java-25-openjdk-headlesspkg:rpm/almalinux/java-25-openjdk-headless-fastdebugpkg:rpm/almalinux/java-25-openjdk-headless-slowdebugpkg:rpm/almalinux/java-25-openjdk-javadocpkg:rpm/almalinux/java-25-openjdk-javadoc-zippkg:rpm/almalinux/java-25-openjdk-jmodspkg:rpm/almalinux/java-25-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-25-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-25-openjdk-slowdebugpkg:rpm/almalinux/java-25-openjdk-srcpkg:rpm/almalinux/java-25-openjdk-src-fastdebugpkg:rpm/almalinux/java-25-openjdk-src-slowdebugpkg:rpm/almalinux/java-25-openjdk-static-libspkg:rpm/almalinux/java-25-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-25-openjdk-static-libs-slowdebugpkg:rpm/opensuse/java-11-openj9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-17-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-1_8_0-openj9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-21-openj9&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/java-21-openj9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-21-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-25-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-26-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 0.59.0-r2+ 151 more
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 21.0.11-r0
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 26.0.1-r0
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 21.0.11-r0
- (no CPE)range: < 26.0.1-r0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:1.8.0.492.b09-1.el8
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 11.0.31.0-1.1
- (no CPE)range: < 11.0.31.0-1.1
- (no CPE)range: < 17.0.19.0-bp160.1.1
- (no CPE)range: < 17.0.19.0-1.1
- (no CPE)range: < 17.0.19.0-1.1
- (no CPE)range: < 1.8.0.492-1.1
- (no CPE)range: < 1.8.0.492-1.1
- (no CPE)range: < 21.0.11.0-bp160.1.1
- (no CPE)range: < 21.0.11.0-1.1
- (no CPE)range: < 21.0.11.0-1.1
- (no CPE)range: < 25.0.3.0-1.1
- (no CPE)range: < 26.0.1.0-1.1
- (no CPE)range: < 1.8.0_sr8.65-30.150.1
- (no CPE)range: < 1.8.0_sr8.65-30.150.1
Patches
Vulnerability mechanics
References
1- www.oracle.com/security-alerts/cpuapr2026.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.