CVE-2026-21945 — Uncontrolled Resource Consumption in Corporation Oracle Graalvm Enterprise Edition

CWE-400 — Uncontrolled Resource Consumption CWE-295 — Improper Certificate Validation16 documents9 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 83.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Oracle Graalvm Enterprise Edition Oracle Corporation Oracle Graalvm FOR JDK Oracle Corporation Oracle Java SE +4 more

Timeline

PublishedJan 20

Latest updateFeb 3

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle Gr…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5oracle_corporation/oracle_graalvm_enterprise_edition21.3.16

▶CVEListV5oracle_corporation/oracle_java_se7 versions+6

▶NVDoracle/graalvm21.3.16, 17.0.17, 21.0.9+2

▶CVEListV5oracle_corporation/oracle_graalvm_for_jdk17.0.17, 21.0.9+1

▶NVDoracle/jdk5 versions+4

🔴Vulnerability Details

GHSA

GHSA-r2mr-x4h2-9chr: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)↗2026-01-21

▶

OSV

CVE-2026-21945: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)↗2026-01-20

▶

CVEList

CVE-2026-21945: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)↗2026-01-20

▶

📋Vendor Advisories

Ubuntu

OpenJDK 17 vulnerabilities↗2026-02-03

▶

Ubuntu

OpenJDK 21 vulnerabilities↗2026-02-02

▶

Ubuntu

OpenJDK 25 vulnerabilities↗2026-02-02

▶

Ubuntu

OpenJDK 8 vulnerabilities↗2026-02-02

▶

Ubuntu

CRaC JDK 21 vulnerabilities↗2026-02-02

▶

🕵️Threat Intelligence

Wiz

CVE-2026-21945 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶