CVE-2026-22816Download of Code Without Integrity Check in Gradle

CWE-494Download of Code Without Integrity CheckCWE-829Inclusion of Functionality from Untrusted Control Sphere5 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.0%
top 93.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GradleDebian Gradle
Timeline
PublishedJan 16

Description

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these exceptions, Gradle would continue to the next repository in the list and potentially resolve dependencies from a different repository. If a Gradle build used an unresolvable host name, Gradle would continue t

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N

Affected Packages3 packages

CVEListV5gradle/gradle< 9.3.0
NVDgradle/gradle9.0.09.3.0+1
debiandebian/gradle

Patches

Patch: github.com

🔴Vulnerability Details

1
OSV
CVE-2026-22816: Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs2026-01-16

📋Vendor Advisories

1
Debian
CVE-2026-22816: gradle - Gradle is a build automation tool, and its native-platform tool provides Java bi...2026

🕵️Threat Intelligence

2
Wiz
CVE-2026-22865 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-22816 Impact, Exploitability, and Mitigation Steps | Wiz