CVE-2026-21925

CWE-32224 documents9 sources

Severity

4.8MEDIUM

EPSS

0.0%

top 89.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Oracle Graalvm Enterprise Edition Oracle Corporation Oracle Graalvm FOR JDK Oracle Corporation Oracle Java SE +4 more

Timeline

PublishedJan 20

Latest updateFeb 3

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle Graal…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages18 packages

▶CVEListV5oracle_corporation/oracle_graalvm_enterprise_edition21.3.16

▶NVDoracle/graalvm21.3.16, 17.0.17, 21.0.9+2

▶CVEListV5oracle_corporation/oracle_java_se7 versions+6

▶CVEListV5oracle_corporation/oracle_graalvm_for_jdk17.0.17, 21.0.9+1

▶NVDoracle/jdk5 versions+4

🔴Vulnerability Details

OSV

openjdk-17 vulnerabilities↗2026-02-03

▶

OSV

openjdk-25-crac vulnerabilities↗2026-02-02

▶

OSV

openjdk-17-crac vulnerabilities↗2026-02-02

▶

OSV

openjdk-25 vulnerabilities↗2026-02-02

▶

OSV

openjdk-8 vulnerabilities↗2026-02-02

▶

📋Vendor Advisories

Ubuntu

OpenJDK 17 vulnerabilities↗2026-02-03

▶

Ubuntu

OpenJDK 21 vulnerabilities↗2026-02-02

▶

Ubuntu

OpenJDK 25 vulnerabilities↗2026-02-02

▶

Ubuntu

OpenJDK 8 vulnerabilities↗2026-02-02

▶

Ubuntu

CRaC JDK 21 vulnerabilities↗2026-02-02

▶

🕵️Threat Intelligence

Wiz

CVE-2026-21925 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶