CNNVD-202601-3134 Information

Jan 20, 2026 cve

CNNVD ID

CNNVD-202601-3134

CVE-2026-21933

  • CNNVD Published: 2026-01-20

Description (Chinese)

Oracle Java SE是美国甲骨文(Oracle)公司的一款用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。 Oracle Java SE的Oracle Java SE、Oracle GraalVM for JDK和Oracle GraalVM Enterprise Edition存在安全漏洞,该漏洞源于未经验证的攻击者可通过多种协议网络访问进行攻击,可能导致未经授权的数据访问。以下产品及版本受到影响:Oracle Java SE 8u471版本、8u471-b50版本、8u471-perf版本、11.0.29版本、17.0.17版本、21.0.9版本、25.0.1版本,Oracle GraalVM for JDK 17.0.17版本和21.0.9版本, Oracle GraalVM Enterprise Edition 21.3.16版本。

Description (English)

Oracle Java SE is a section of Oracle, United States, for the development and deployment of desktops, servers and Java applications embedded in equipment and real-time environments. Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition has a security loophole, which stems from the fact that unverified attackers can attack through multiple protocol networks, which may lead to unauthorized data access. The following products and versions were affected: Oracle Java Se 8u471, 8u471-b50, 8u471-perf, 11.029, 17.0.17, 21.0.9, 25.0.1, Oracle GraalVM for JDK 17.0.17 and 21.0.9, Oracle GraalVM Enterprise 21.3.16.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

甲骨文

Published

2026-01-20

Last Modified

2026-02-24

References

https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://www.oracle.com/security-alerts/cpujan2026.html

Share on: