CVE-2026-34282

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26 Oracle GraalVM for JDK versions 17.0.18, 21.0.10 Oracle GraalVM Enterprise Edition version 21.3.17

Description An issue in the Networking component allows an unauthenticated attacker with network access via multiple protocols to compromise the system. Successful exploitation can result in a hang or frequently repeatable crash, leading to a complete Denial of Service (DOS). This flaw can be triggered using APIs in the affected component, such as through a web service providing data to those APIs. It also impacts Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, which rely on the Java sandbox for security.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.