PT-2026-34088 · Oracle+2 · Graalvm Enterprise Edition+5

Published

2026-01-01

·

Updated

2026-05-29

·

CVE-2026-22021

CVSS v2.0

5.4

Medium

VectorAV:N/AC:H/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26 Oracle GraalVM for JDK versions 17.0.18, 21.0.10 Oracle GraalVM Enterprise Edition version 21.3.17
Description An issue in the JSSE component allows an unauthenticated attacker with network access via HTTPS to cause a partial denial of service. This can be exploited through APIs in the affected component, such as via a web service providing data to those APIs. The issue also impacts Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, which rely on the Java sandbox for security.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Out of bounds Read

Weakness Enumeration

CWE-400CWE-125

Related Identifiers

ALSA-2026:9683
ALSA-2026:9686
ALSA-2026:9689
ALSA-2026:9693
BDU:2026-06614
BDU:2026-06615
BIT-JAVA-2026-22021
BIT-JAVA-MIN-2026-22021
BIT-JRE-2026-22021
CVE-2026-22021
OPENSUSE-SU-2026:10636-1
OPENSUSE-SU-2026:10637-1
OPENSUSE-SU-2026:10638-1
OPENSUSE-SU-2026:10639-1
OPENSUSE-SU-2026:10656-1
OPENSUSE-SU-2026:10724-1
OPENSUSE-SU-2026:10725-1
OPENSUSE-SU-2026:10726-1
OPENSUSE-SU-2026:10727-1
OPENSUSE-SU-2026:10893-1
RHSA-2026:11403
RHSA-2026:11655
RHSA-2026:11829
RHSA-2026:11902
RHSA-2026:9254
RHSA-2026:9682
RHSA-2026:9683
RHSA-2026:9686
RHSA-2026:9689
RHSA-2026:9693
USN-8327-1
USN-8328-1
USN-8330-1
USN-8331-1
USN-8332-1
USN-8333-1
USN-8334-1
USN-8339-1
USN-8341-1

Affected Products

Graalvm Enterprise Edition
Graalvm For Jdk
Java Platform
Java Se
Red Os
Rocky Linux