PT-2026-3695
Author: Ireneusz Pastusiak
Published: 2026-01-20 · Updated: 2026-05-08
CVE-2026-21945
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1
Oracle GraalVM for JDK versions 17.0.17 and 21.0.9
Oracle GraalVM Enterprise Edition version 21.3.16
Description
An easily exploitable issue exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access via multiple protocols can compromise the software. Successful exploitation may lead to a denial-of-service (DoS) condition in which the software hangs or crashes repeatedly. This issue primarily affects Java deployments that load and execute untrusted code within a sandbox environment, such as Java Web Start applications or applets. It does not typically impact server-side Java deployments that run only trusted code.
Recommendations
Update Oracle Java SE to a version later than 25.0.1.
Update Oracle GraalVM for JDK to a version later than 21.0.9.
Update Oracle GraalVM Enterprise Edition to a version later than 21.3.16.
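As an added defender-side check that is not part of this advisory, the following Python script classifies the first line of `java -version` output against the affected versions listed above. It maps the Java 8 string form (`1.8.0_471`) onto the advisory's `8u471` naming, ignores build suffixes, and reports an exact match as affected. Versions in the same major family but below the listed patch level are flagged as `older_than_assessed`; that conservative treatment is this script's assumption, not something the advisory states. The sample `java -version` lines are constructed for the example, and `assess`, `normalize` and the `SAMPLES` dictionary are names introduced here.

```python
import re

# Affected versions as listed in advisory PT-2026-3695 (CVE-2026-21945) on this page.
AFFECTED = {
    "java_se": {"8u471", "8u471-b50", "8u471-perf", "11.0.29", "17.0.17", "21.0.9", "25.0.1"},
    "graalvm_jdk": {"17.0.17", "21.0.9"},
    "graalvm_ee": {"21.3.16"},
}

# First line of `java -version` output, e.g.
#   java version "1.8.0_471"
#   openjdk version "17.0.17" 2026-01-20 LTS
VERSION_RE = re.compile(r'\b(?:java|openjdk) version "([^"]+)"')


def normalize(raw):
    """Map a `java -version` string onto the advisory's naming scheme.

    '1.8.0_471'     -> '8u471'   (build/perf suffixes dropped; the page's
                                  8u471-b50 and 8u471-perf share this base)
    '17.0.17'       -> '17.0.17'
    '21.0.9+7-LTS'  -> '21.0.9'  (anything after '+' or '-' is dropped)
    Returns None when the string is not a recognizable JDK version.
    """
    m = re.fullmatch(r"1\.8\.0_(\d+)(?:[-+].*)?", raw)
    if m:
        return f"8u{m.group(1)}"
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-+].*)?", raw)
    return m.group(1) if m else None


def version_key(norm):
    """Sortable (family, ...) tuple for a normalized or advisory-style version."""
    m = re.fullmatch(r"8u(\d+)(?:-.*)?", norm)
    if m:
        return (8, int(m.group(1)))
    return tuple(int(p) for p in norm.split("."))


def assess(java_version_output, product="java_se"):
    """Classify one `java -version` output against the advisory's affected list.

    Returns one of:
      'affected'             exact match with a listed affected version
      'older_than_assessed'  same major family, below the listed patch level
                             (assumption: flagged conservatively; the page
                             does not assess these)
      'not_listed'           no listed version matches or precedes it
      'unparseable'          no JDK version string found in the output
    """
    affected = AFFECTED[product]
    m = VERSION_RE.search(java_version_output)
    if not m:
        return "unparseable"
    norm = normalize(m.group(1))
    if norm is None:
        return "unparseable"
    if norm in affected:
        return "affected"
    key = version_key(norm)
    same_family = [version_key(v) for v in affected if version_key(v)[0] == key[0]]
    if same_family and key < max(same_family):
        return "older_than_assessed"
    return "not_listed"


# Constructed `java -version` first lines for the example (not captured from real hosts).
SAMPLES = {
    "host-a": 'java version "1.8.0_471"\nJava(TM) SE Runtime Environment (build 1.8.0_471-b09)',
    "host-b": 'openjdk version "17.0.17" 2026-01-20 LTS',
    "host-c": 'openjdk version "17.0.16" 2025-10-21 LTS',
    "host-d": 'openjdk version "25.0.2" 2026-04-21',
    "host-e": "bash: java: command not found",
}


def assess_fleet(samples, product="java_se"):
    """Run assess() over a {host: output} mapping and return {host: verdict}."""
    return {host: assess(out, product) for host, out in samples.items()}


if __name__ == "__main__":
    for host, verdict in assess_fleet(SAMPLES).items():
        print(f"{host}: {verdict}")
```

The script only compares version strings, so a host reporting a distribution-patched OpenJDK build (the Linux Mint, Rocky Linux, Ubuntu and RED OS entries below ship such builds) should be cross-checked against that distribution's own advisory rather than treated as final.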
Tags: Fix · DoS · Resource Exhaustion
Affected Products
Java Platform
Linux Mint
Oracle GraalVM Enterprise Edition
Oracle GraalVM for JDK
Oracle Java SE
RED OS
Rocky Linux
Ubuntu