Security Vulnerability in Oracle Java SE and GraalVM Products
CVE-2026-34268

2.9 LOW

What is CVE-2026-34268?

This vulnerability in Oracle Java SE and GraalVM products allows an unauthenticated attacker with access to the infrastructure where the affected product runs to compromise it, potentially leading to unauthorized read access to sensitive data. It affects several versions of Oracle Java SE and the associated GraalVM products, and is particularly relevant to deployments where Java applications run in environments that load untrusted code. Exploitation can occur through API interactions within the affected components.

Affected Version(s)

Oracle GraalVM Enterprise Edition 21.3.17

Oracle GraalVM for JDK 17.0.18

Oracle GraalVM for JDK 21.0.10

CVSS V3.1

Score: 2.9
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved