Oracle · Graalvm For Jdk 17.0.17 · CVE-2026-21933
**Name of the Vulnerable Software and Affected Versions**
Oracle Java SE versions 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1
Oracle GraalVM for JDK versions 17.0.17 and 21.0.9
Oracle GraalVM Enterprise Edition version 21.3.16
**Description**
A flaw exists in the Networking component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access can compromise these products through multiple protocols. Exploitation requires interaction from a user other than the attacker. Successful attacks may lead to unauthorized data modification, insertion, deletion, or reading. The issue can be exploited through APIs, such as those exposed by a web service, and affects Java deployments that load and run untrusted code.
**Recommendations**
Oracle Java SE version 8u471-perf
Oracle Java SE version 8u471-b50
Oracle Java SE version 8u471
Oracle Java SE version 11.0.29
Oracle Java SE version 17.0.17
Oracle Java SE version 21.0.9
Oracle Java SE version 25.0.1
Oracle GraalVM for JDK version 17.0.17
Oracle GraalVM for JDK version 21.0.9
Oracle GraalVM Enterprise Edition version 21.3.16