Vulnerability in Java SE Libraries Affecting Oracle Products
CVE-2026-22008

3.7 LOW

Key Information:

Vendor: Oracle
CVE Published: 21 April 2026

What is CVE-2026-22008?

A vulnerability in the libraries of Oracle Java SE can be exploited by an unauthenticated attacker with network access via multiple protocols. The issue affects Java deployments that run sandboxed Java Web Start applications or sandboxed applets that load and execute untrusted code from the internet. Successful exploitation could allow an attacker to perform unauthorized updates, inserts, or deletions of data accessible to Oracle Java SE. The vulnerability does not affect environments where Java only runs trusted code.

Affected Version(s)

Oracle Java SE 25.0.1

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
