PT-2026-3330 · Gradle · Gradle

Ljacomet · Published 2026-01-16 · Updated 2026-01-22 · CVE-2026-22816

CVSS v4.0: 8.6 High

Vector: AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions

Gradle versions prior to 9.3.0

Description

Gradle’s native-platform tool, which provides Java bindings for native APIs, does not treat certain exceptions as fatal errors when resolving dependencies in versions before 9.3.0. This allows Gradle to continue to the next repository, potentially resolving dependencies from a different source. Specifically, an unresolvable host name does not halt the process, allowing an attacker to register a service under the build’s host name and serve malicious artifacts if the malicious repository is listed before others in the build configuration.

Recommendations

Update to Gradle version 9.3.0 or later.
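
A defensive check for the condition described above, added here as an example and not part of the advisory or of Gradle: it lists a build script's repository hosts in declaration order and reports any that fail DNS resolution, together with the repositories declared after them. The sample script, the `.example` host names and the function names are constructed; the regex covers only literal `url` declarations and three built-in shorthands.

```python
import re
import socket
from urllib.parse import urlparse

# Constructed sample build script; the .example host names are placeholders.
SAMPLE_BUILD = '''
repositories {
    maven { url = uri("https://artifacts.internal.example/releases") }
    maven { url "https://repo.partner.example/maven2" }
    mavenCentral()
}
'''

# Hosts behind Gradle's built-in repository shorthands.
SHORTHAND_HOSTS = {
    "mavenCentral": "repo.maven.apache.org",
    "google": "dl.google.com",
    "gradlePluginPortal": "plugins.gradle.org",
}
REPO_RE = re.compile(
    r'''\burl\s*=?\s*(?:uri\(\s*)?["'](https?://[^"']+)["']'''
    r'''|\b(mavenCentral|google|gradlePluginPortal)\(\)'''
)

def repository_hosts(build_text):
    """Return repository host names in declaration order, without duplicates."""
    hosts = []
    for url, shorthand in REPO_RE.findall(build_text):
        host = urlparse(url).hostname if url else SHORTHAND_HOSTS[shorthand]
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def system_resolves(host):
    """True if the local resolver returns at least one address for host."""
    try:
        return bool(socket.getaddrinfo(host, 443))
    except socket.gaierror:
        return False

def audit(build_text, resolves=system_resolves):
    """Report unresolvable repository hosts and the repositories declared after them."""
    hosts = repository_hosts(build_text)
    return [
        {"host": h, "position": i, "followed_by": hosts[i + 1:]}
        for i, h in enumerate(hosts) if not resolves(h)
    ]

if __name__ == "__main__":
    print(audit(SAMPLE_BUILD))
```

A non-empty `followed_by` list on a build that still runs a Gradle version before 9.3.0 marks the configuration the description refers to: resolution can continue to those repositories when the flagged host does not resolve.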

Related Identifiers

BIT-GRADLE-2026-22816
CVE-2026-22816
GHSA-W78C-W6VF-RW82

Affected Products

Gradle