PT-2026-3682 · Oracle+3 · GraalVM for JDK 21.0.9+13
Mingijung · Published 2026-01-20 · Updated 2026-05-08
CVE-2026-21932
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1
Oracle GraalVM for JDK versions 17.0.17 and 21.0.9
Oracle GraalVM Enterprise Edition version 21.3.16
Description
An easily exploitable issue exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, specifically within the AWT and JavaFX components. An unauthenticated attacker with network access, utilizing multiple protocols, can compromise the software. Successful exploitation requires interaction from a user other than the attacker. The issue primarily affects Java deployments that load and execute untrusted code, such as Java Web Start applications or applets relying on the Java sandbox for security. Exploitation may lead to unauthorized modification, creation, or deletion of critical data accessible by Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition.
Recommendations
Oracle Java SE version 8u471-b50 should be updated.
Oracle Java SE version 8u471 should be updated.
Oracle Java SE version 8u471-perf should be updated.
Oracle Java SE version 11.0.29 should be updated.
Oracle Java SE version 17.0.17 should be updated.
Oracle Java SE version 21.0.9 should be updated.
Oracle Java SE version 25.0.1 should be updated.
Oracle GraalVM for JDK version 17.0.17 should be updated.
Oracle GraalVM for JDK version 21.0.9 should be updated.
Oracle GraalVM Enterprise Edition version 21.3.16 should be updated.
Fix
Information Disclosure
Affected Products
GraalVM Enterprise Edition 21.3.16
GraalVM for JDK 17.0.17
GraalVM for JDK 21.0.9
Java Platform
Java SE 11.0.29
Java SE 17.0.17
Java SE 21.0.9
Java SE 25.0.1
Java SE 8u471
Java SE 8u471-b50
Java SE 8u471-perf
Linux Mint
RED OS
Ubuntu