PT-2026-3675 · Oracle+4 · GraalVM for JDK 21.0.9+14
Published 2026-01-20 · Updated 2026-05-08 · CVE-2026-21925
CVSS v3.1: 4.8 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 8u471, 8u471-b50, 8u471-perf
Oracle Java SE version 11.0.29
Oracle Java SE version 17.0.17
Oracle Java SE version 21.0.9
Oracle Java SE version 25.0.1
Oracle GraalVM for JDK versions 17.0.17 and 21.0.9
Oracle GraalVM Enterprise Edition version 21.3.16
Description
A difficult-to-exploit vulnerability exists in the RMI component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access via multiple protocols can compromise the affected software. Successful exploitation may result in unauthorized modification, insertion, or deletion of accessible data, as well as unauthorized read access to it. The vulnerability can be exploited through APIs, for example via a web service that supplies data to those APIs. It also affects Java deployments that load and run untrusted code and rely on the Java sandbox for security.
Recommendations
Oracle Java SE versions prior to 8u471, 8u471-b50, 8u471-perf should be updated.
Oracle Java SE version 11.0.29 should be updated.
Oracle Java SE versions prior to 17.0.17 should be updated.
Oracle Java SE versions prior to 21.0.9 should be updated.
Oracle Java SE versions prior to 25.0.1 should be updated.
Oracle GraalVM for JDK versions prior to 17.0.17 and 21.0.9 should be updated.
Oracle GraalVM Enterprise Edition version 21.3.16 should be updated.
Weakness Enumeration
Out-of-bounds Read
Affected Products
GraalVM Enterprise Edition 21.3.16
GraalVM for JDK 17.0.17
GraalVM for JDK 21.0.9
Java Platform
Java SE 11.0.29
Java SE 17.0.17
Java SE 21.0.9
Java SE 25.0.1
Java SE 8u471
Java SE 8u471-b50
Java SE 8u471-perf
Linux Mint
RED OS
Rocky Linux
Ubuntu