CVE-2026-34282
Description
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Affected products
143cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*+ 2 more
- cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:17.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:enterprise_performance_pack:*:*:*
- cpe:2.3:a:oracle:jdk:21.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:25.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:17.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:enterprise_performance_pack:*:*:*
- cpe:2.3:a:oracle:jre:21.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:25.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:26:*:*:*:*:*:*:*
- Range: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26
- Range: 21.3.17
- osv-coords126 versionspkg:apk/chainguard/openjdk-11-openj9pkg:apk/chainguard/openjdk-11-openj9-dbgpkg:apk/chainguard/openjdk-11-openj9-default-jdkpkg:apk/chainguard/openjdk-11-openj9-default-jvmpkg:apk/chainguard/openjdk-11-openj9-docpkg:apk/chainguard/openjdk-11-openj9-jmodspkg:apk/chainguard/openjdk-11-openj9-jrepkg:apk/chainguard/openjdk-17-openj9pkg:apk/chainguard/openjdk-17-openj9-dbgpkg:apk/chainguard/openjdk-17-openj9-default-jdkpkg:apk/chainguard/openjdk-17-openj9-default-jvmpkg:apk/chainguard/openjdk-17-openj9-docpkg:apk/chainguard/openjdk-17-openj9-jmodspkg:apk/chainguard/openjdk-17-openj9-jrepkg:apk/chainguard/openjdk-21pkg:apk/chainguard/openjdk-21-openj9pkg:apk/chainguard/openjdk-21-openj9-dbgpkg:apk/chainguard/openjdk-21-openj9-default-jdkpkg:apk/chainguard/openjdk-21-openj9-default-jvmpkg:apk/chainguard/openjdk-21-openj9-docpkg:apk/chainguard/openjdk-21-openj9-jmodspkg:apk/chainguard/openjdk-21-openj9-jrepkg:apk/chainguard/openjdk-25-openj9pkg:apk/chainguard/openjdk-25-openj9-dbgpkg:apk/chainguard/openjdk-25-openj9-default-jdkpkg:apk/chainguard/openjdk-25-openj9-default-jvmpkg:apk/chainguard/openjdk-25-openj9-jmodspkg:apk/chainguard/openjdk-25-openj9-jrepkg:apk/chainguard/openjdk-26pkg:apk/chainguard/openjdk-26-openj9pkg:apk/chainguard/openjdk-26-openj9-dbgpkg:apk/chainguard/openjdk-26-openj9-default-jdkpkg:apk/chainguard/openjdk-26-openj9-default-jvmpkg:apk/chainguard/openjdk-26-openj9-jmodspkg:apk/chainguard/openjdk-26-openj9-jrepkg:apk/chainguard/openjdk-8-openj9pkg:apk/chainguard/openjdk-8-openj9-dbgpkg:apk/chainguard/openjdk-8-openj9-default-jdkpkg:apk/chainguard/openjdk-8-openj9-default-jvmpkg:apk/chainguard/openjdk-8-openj9-docpkg:apk/chainguard/openjdk-8-openj9-jrepkg:apk/wolfi/openjdk-21pkg:apk/wolfi/openjdk-26pkg:bitnami/javapkg:bitnami/java-minpkg:bitnami/jrepkg:rpm/almalinux/java-17-openjdkpkg:rpm/almalinux/java-17-openjdk-demopkg:rpm/almalinux/java-17-openjdk-demo-fastdebugpkg:rpm/almalinux/java-17-openjdk-demo-slowdebugpkg:rpm/almalinux/java-17-openjdk-develpkg:rpm/almalinux/java-17-openjdk-devel-fastdebugpkg:rpm/almalinux/java-17-openjdk-devel-slowdebugpkg:rpm/almalinux/java-17-openjdk-fastdebugpkg:rpm/almalinux/java-17-openjdk-headlesspkg:rpm/almalinux/java-17-openjdk-headless-fastdebugpkg:rpm/almalinux/java-17-openjdk-headless-slowdebugpkg:rpm/almalinux/java-17-openjdk-javadocpkg:rpm/almalinux/java-17-openjdk-javadoc-zippkg:rpm/almalinux/java-17-openjdk-jmodspkg:rpm/almalinux/java-17-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-17-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-17-openjdk-slowdebugpkg:rpm/almalinux/java-17-openjdk-srcpkg:rpm/almalinux/java-17-openjdk-src-fastdebugpkg:rpm/almalinux/java-17-openjdk-src-slowdebugpkg:rpm/almalinux/java-17-openjdk-static-libspkg:rpm/almalinux/java-17-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-17-openjdk-static-libs-slowdebugpkg:rpm/almalinux/java-21-openjdkpkg:rpm/almalinux/java-21-openjdk-demopkg:rpm/almalinux/java-21-openjdk-demo-fastdebugpkg:rpm/almalinux/java-21-openjdk-demo-slowdebugpkg:rpm/almalinux/java-21-openjdk-develpkg:rpm/almalinux/java-21-openjdk-devel-fastdebugpkg:rpm/almalinux/java-21-openjdk-devel-slowdebugpkg:rpm/almalinux/java-21-openjdk-fastdebugpkg:rpm/almalinux/java-21-openjdk-headlesspkg:rpm/almalinux/java-21-openjdk-headless-fastdebugpkg:rpm/almalinux/java-21-openjdk-headless-slowdebugpkg:rpm/almalinux/java-21-openjdk-javadocpkg:rpm/almalinux/java-21-openjdk-javadoc-zippkg:rpm/almalinux/java-21-openjdk-jmodspkg:rpm/almalinux/java-21-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-21-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-21-openjdk-slowdebugpkg:rpm/almalinux/java-21-openjdk-srcpkg:rpm/almalinux/java-21-openjdk-src-fastdebugpkg:rpm/almalinux/java-21-openjdk-src-slowdebugpkg:rpm/almalinux/java-21-openjdk-static-libspkg:rpm/almalinux/java-21-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-21-openjdk-static-libs-slowdebugpkg:rpm/almalinux/java-25-openjdkpkg:rpm/almalinux/java-25-openjdk-crypto-adapterpkg:rpm/almalinux/java-25-openjdk-crypto-adapter-fastdebugpkg:rpm/almalinux/java-25-openjdk-crypto-adapter-slowdebugpkg:rpm/almalinux/java-25-openjdk-demopkg:rpm/almalinux/java-25-openjdk-demo-fastdebugpkg:rpm/almalinux/java-25-openjdk-demo-slowdebugpkg:rpm/almalinux/java-25-openjdk-develpkg:rpm/almalinux/java-25-openjdk-devel-fastdebugpkg:rpm/almalinux/java-25-openjdk-devel-slowdebugpkg:rpm/almalinux/java-25-openjdk-fastdebugpkg:rpm/almalinux/java-25-openjdk-headlesspkg:rpm/almalinux/java-25-openjdk-headless-fastdebugpkg:rpm/almalinux/java-25-openjdk-headless-slowdebugpkg:rpm/almalinux/java-25-openjdk-javadocpkg:rpm/almalinux/java-25-openjdk-javadoc-zippkg:rpm/almalinux/java-25-openjdk-jmodspkg:rpm/almalinux/java-25-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-25-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-25-openjdk-slowdebugpkg:rpm/almalinux/java-25-openjdk-srcpkg:rpm/almalinux/java-25-openjdk-src-fastdebugpkg:rpm/almalinux/java-25-openjdk-src-slowdebugpkg:rpm/almalinux/java-25-openjdk-static-libspkg:rpm/almalinux/java-25-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-25-openjdk-static-libs-slowdebugpkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/java-17-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-21-openj9&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/java-21-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-25-openj9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-25-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-26-openjdk&distro=openSUSE%20Tumbleweed
< 0.59.0-r2+ 125 more
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r2
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 21.0.11-r0
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 26.0.1-r0
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 21.0.11-r0
- (no CPE)range: < 26.0.1-r0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1.8.0
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:17.0.19.0.10-1.el8
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:21.0.11.0.10-2.el10_2.alma.1
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 1:25.0.3.0.9-1.el10_2
- (no CPE)range: < 11.0.31.0-1.1
- (no CPE)range: < 17.0.19.0-bp160.1.1
- (no CPE)range: < 17.0.19.0-1.1
- (no CPE)range: < 21.0.11.0-bp160.1.1
- (no CPE)range: < 21.0.11.0-1.1
- (no CPE)range: < 25.0.3.0-1.1
- (no CPE)range: < 25.0.3.0-1.1
- (no CPE)range: < 26.0.1.0-1.1
Patches
Vulnerability mechanics
References
1- www.oracle.com/security-alerts/cpuapr2026.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.