Security Vulnerability in Oracle Java SE and GraalVM Products
CVE-2026-22007

2.9 LOW

What is CVE-2026-22007?

Oracle's Java SE and GraalVM products contain a security vulnerability that can be exploited by unauthenticated attackers. An attacker operating within the infrastructure where these applications run can gain unauthorized read access to sensitive data. The issue is exacerbated in Java environments that run untrusted code in sandboxed applications or applets, potentially leading to significant confidentiality risks. Mitigation measures should be implemented to safeguard against unauthorized access and data exposure.

Affected Version(s)

Oracle GraalVM Enterprise Edition 21.3.17

Oracle GraalVM for JDK 17.0.18

Oracle GraalVM for JDK 21.0.10

CVSS V3.1

Score: 2.9
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
