CVEFinder.io

CVE-2026-34268

ℹī¸ low
🔍 Scan for this CVE
Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM fo

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS Score
2.9
Low
EPSS Score
0.0
Exploit Probability
Published Date
2026-04-21
First Seen: 2026-04-22
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 1.8% of all 329,456 vulnerabilities in our database.

#323,620
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Apr 22, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-04-27
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-200

đŸ“Ļ Affected Products 15

Vendor Product Status Affected Versions
oracle jre Affected
v1.8.0
oracle jre Affected
v11.0.30
oracle jre Affected
v17.0.18
oracle jre Affected
v21.0.10
oracle jre Affected
v25.0.2
oracle jre Affected
v26
oracle jdk Affected
v1.8.0
oracle jdk Affected
v11.0.30
oracle jdk Affected
v17.0.18
oracle jdk Affected
v21.0.10
oracle jdk Affected
v25.0.2
oracle jdk Affected
v26
oracle graalvm Affected
v21.3.17
oracle graalvm_for_jdk Affected
v17.0.18
oracle graalvm_for_jdk Affected
v21.0.10

🔗 References 1

https://www.oracle.com/security-alerts/cpuapr2026.html
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-22003 đŸ”ļ medium 6.0 0.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). ... 2026-04-21
CVE-2026-22007 ℹī¸ low 2.9 0.0 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE... 2026-04-21
CVE-2026-22013 đŸ”ļ medium 5.3 0.1 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE... 2026-04-21
CVE-2026-22016 ⚠ī¸ high 7.5 0.1 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE... 2026-04-21
CVE-2026-22018 ℹī¸ low 3.7 0.1 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE... 2026-04-21
CVE-2026-22021 đŸ”ļ medium 5.3 0.1 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE... 2026-04-21
These CVEs affect the same products