Remote Vulnerability in Eclipse OpenJ9 Can Lead to Server Crashes
CVE-2026-6918

8.7 HIGH

Key Information:

Vendor
CVE Published: 5 May 2026

What is CVE-2026-6918?

Multiple versions of Eclipse OpenJ9 contain a vulnerability that remote attackers can exploit before authentication. By sending a crafted 32-byte TCP message, an attacker can cause the JITServer component to crash. The flaw is a significant risk wherever servers are exposed to remote communications. Addressing this issue promptly is crucial to maintain system integrity and availability.

Affected Version(s)

Eclipse OpenJ9 0.21 < 0.59

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sebastian Josue Alba Vives