PT-2026-3683 · Oracle+4 · Graalvm For Jdk 21.0.9+14

Zhihui Chen · Published 2026-01-20 · Updated 2026-05-08 · CVE-2026-21933

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Java SE versions 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1
Oracle GraalVM for JDK versions 17.0.17 and 21.0.9
Oracle GraalVM Enterprise Edition version 21.3.16

Description

A flaw exists in the Networking component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access can compromise these products through multiple protocols. Exploitation requires interaction from a user other than the attacker. Successful attacks may lead to unauthorized data modification, insertion, deletion, or reading. The issue can be exploited through APIs, such as those exposed by a web service, and affects Java deployments that load and run untrusted code.

Recommendations

Oracle Java SE version 8u471-perf
Oracle Java SE version 8u471-b50
Oracle Java SE version 8u471
Oracle Java SE version 11.0.29
Oracle Java SE version 17.0.17
Oracle Java SE version 21.0.9
Oracle Java SE version 25.0.1
Oracle GraalVM for JDK version 17.0.17
Oracle GraalVM for JDK version 21.0.9
Oracle GraalVM Enterprise Edition version 21.3.16

Fix

RCE

Weakness Enumeration

Related Identifiers

ALSA-2026:0927
ALSA-2026:0928
ALSA-2026:0932
ALSA-2026:0933
BDU:2026-00694
BIT-JAVA-2026-21933
BIT-JAVA-MIN-2026-21933
BIT-JRE-2026-21933
CVE-2026-21933
MGASA-2026-0024
OPENSUSE-SU-2026:10091-1
OPENSUSE-SU-2026:10092-1
OPENSUSE-SU-2026:10093-1
OPENSUSE-SU-2026:10108-1
OPENSUSE-SU-2026:10133-1
OPENSUSE-SU-2026:10134-1
OPENSUSE-SU-2026:10135-1
OPENSUSE-SU-2026:10136-1
OPENSUSE-SU-2026:10137-1
OPENSUSE-SU-2026:10138-1
OPENSUSE-SU-2026:20126-1
OPENSUSE-SU-2026:20134-1
OPENSUSE-SU-2026:20143-1
RHSA-2026:0847
RHSA-2026:0927
RHSA-2026:0928
RHSA-2026:0931
RHSA-2026:0932
RHSA-2026:0933
RHSA-2026:4832
SUSE-SU-2026:0341-1
SUSE-SU-2026:0342-1
SUSE-SU-2026:0363-1
SUSE-SU-2026:0382-1
SUSE-SU-2026:0389-1
SUSE-SU-2026:0390-1
SUSE-SU-2026:0414-1
SUSE-SU-2026:0415-1
SUSE-SU-2026:0441-1
SUSE-SU-2026:0504-1
SUSE-SU-2026:20190-1
SUSE-SU-2026:20199-1
SUSE-SU-2026:20215-1
USN-7995-1
USN-7996-1
USN-7997-1
USN-7998-1
USN-8000-1
USN-8001-1
USN-8002-1
USN-8003-1

Affected Products

Graalvm Enterprise Edition 21.3.16
Graalvm For Jdk 17.0.17
Graalvm For Jdk 21.0.9
Java Platform
Java Se 11.0.29
Java Se 17.0.17
Java Se 21.0.9
Java Se 25.0.1
Java Se 8U471
Java Se 8U471-B50
Java Se 8U471-Perf
Linuxmint
Red Os
Rocky Linux
Ubuntu