CNNVD-202601-3136 Information

Jan 20, 2026 cve

CNNVD ID

CNNVD-202601-3136

CVE-2026-21932

  • CNNVD Published: 2026-01-20

Description (Chinese)

Oracle Java SE是美国甲骨文(Oracle)公司的一款用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。 Oracle Java SE的Oracle Java SE、Oracle GraalVM for JDK和Oracle GraalVM Enterprise Edition存在安全漏洞,该漏洞源于未经验证的攻击者可通过多种协议网络访问进行攻击,可能导致对关键数据的未经授权操作。以下产品及版本受到影响:Oracle Java SE 8u471版本、8u471-b50版本、8u471-perf版本、11.0.29版本、17.0.17版本、21.0.9版本、25.0.1版本,Oracle GraalVM for JDK 17.0.17版本和21.0.9版本, Oracle GraalVM Enterprise Edition 21.3.16版本。

Description (English)

Oracle Java SE is a section of Oracle, United States, for the development and deployment of desktops, servers and Java applications embedded in equipment and real-time environments. Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition has a security loophole, which stems from the fact that unverified assailants can attack through multiple protocol networks, which may lead to unauthorized manipulation of key data. The following products and versions were affected: Oracle Java Se 8u471, 8u471-b50, 8u471-perf, 11.029, 17.0.17, 21.0.9, 25.0.1, Oracle GraalVM for JDK 17.0.17 and 21.0.9, Oracle GraalVM Enterprise 21.3.16.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

甲骨文

Published

2026-01-20

Last Modified

2026-02-24

References

https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://www.oracle.com/security-alerts/cpujan2026.html

Share on: