CVE-2026-21947

CVSS v3.1

3.1

Low

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u471-b50

Description A difficult-to-exploit issue exists in Oracle Java SE (JavaFX component) that allows an unauthenticated attacker with network access, via multiple protocols, to compromise the software. Successful attacks require interaction from a user other than the attacker and can result in unauthorized modification of Oracle Java SE data. This issue applies to Java deployments that load and execute untrusted code, such as Java Web Start applications or applets, relying on the Java sandbox for security. It does not affect server deployments running only trusted code.

Recommendations Update Oracle Java SE to a version later than 8u471-b50.

Fix

XSS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-125

Related Identifiers

BDU:2026-00827

BIT-JAVA-2026-21947

BIT-JAVA-MIN-2026-21947

BIT-JRE-2026-21947

CVE-2026-21947

OPENSUSE-SU-2026:10204-1

Affected Products

Java Platform

Javafx

Oracle Java Se

Red Os

CVE-2026-21947

Weakness Enumeration

Related Identifiers

Affected Products

References · 19