CVE-2026-21947

CWE-79Cross-site Scripting (XSS)7 documents7 sources
Severity
3.1LOW
EPSS
0.0%
top 88.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle Corporation Oracle Java SEOracle JDKOracle JRE
Timeline
PublishedJan 20
Latest updateJan 21

Description

Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This v

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages3 packages

NVDoracle/jdk1.8.0
NVDoracle/jre1.8.0

🔴Vulnerability Details

3
GHSA
GHSA-998g-2mp2-f264: Vulnerability in Oracle Java SE (component: JavaFX)2026-01-21
CVEList
CVE-2026-21947: Vulnerability in Oracle Java SE (component: JavaFX)2026-01-20
OSV
CVE-2026-21947: Vulnerability in Oracle Java SE (component: JavaFX)2026-01-20

📋Vendor Advisories

2
Oracle
Oracle Oracle Java SE Risk Matrix: JavaFX — CVE-2026-219472026-01-15
Debian
CVE-2026-21947: openjfx - Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that ar...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-21947 Impact, Exploitability, and Mitigation Steps | Wiz