CVE-2026-22008

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle Java SE version 25.0.1

Description An issue in the Libraries component allows an unauthenticated attacker with network access via multiple protocols to compromise the system. This can lead to unauthorized update, insert, or delete access to certain accessible data. This affects deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, which rely on the Java sandbox for security.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-250

Related Identifiers

ALSA-2026:9693

BDU:2026-06609

BIT-JAVA-2026-22008

BIT-JAVA-MIN-2026-22008

BIT-JRE-2026-22008

CVE-2026-22008

OPENSUSE-SU-2026:10639-1

OPENSUSE-SU-2026:10893-1

RHSA-2026:7286

RHSA-2026:7311

RHSA-2026:9693

USN-8334-1

USN-8339-1

USN-8341-1

Affected Products

Java Platform

Java Se

CVE-2026-22008

Weakness Enumeration

Related Identifiers

Affected Products

References · 61