CVE-2026-22007: Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. in Oracle Corporation Oracle Java SE
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
AI Analysis
Technical Summary
This vulnerability (CVE-2026-22007) affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition in their Security component across multiple versions. It allows an unauthenticated attacker who has local logon access to the system where these products run to compromise the products by gaining unauthorized read access to a subset of accessible data. The vulnerability can be exploited via APIs, including web services that supply data to these APIs, and also affects sandboxed Java Web Start applications or applets that load untrusted code relying on the Java sandbox. The CVSS 3.1 vector indicates local attack vector, high attack complexity, no privileges required, no user interaction, unchanged scope, and low confidentiality impact. The vulnerability is difficult to exploit and does not affect integrity or availability. Oracle references this vulnerability in its April 2026 Critical Patch Update advisory but does not explicitly state patch availability or remediation status for this specific issue.
Potential Impact
Successful exploitation of this vulnerability can lead to unauthorized read access to some data accessible by Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. There is no impact on integrity or availability. The attack requires local access with high complexity and no privileges or user interaction, limiting the practical risk. No known exploits in the wild have been reported.
Mitigation Recommendations
Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory, which contains numerous security patches. However, the advisory does not explicitly confirm the availability of a specific patch or fix for CVE-2026-22007. Therefore, patch status is not yet confirmed—check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly to mitigate vulnerabilities. Until a specific patch is confirmed, restrict local access to infrastructure running affected Oracle Java products to trusted users only.
CVE-2026-22007: Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. in Oracle Corporation Oracle Java SE
Description
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-22007) affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition in their Security component across multiple versions. It allows an unauthenticated attacker who has local logon access to the system where these products run to compromise the products by gaining unauthorized read access to a subset of accessible data. The vulnerability can be exploited via APIs, including web services that supply data to these APIs, and also affects sandboxed Java Web Start applications or applets that load untrusted code relying on the Java sandbox. The CVSS 3.1 vector indicates local attack vector, high attack complexity, no privileges required, no user interaction, unchanged scope, and low confidentiality impact. The vulnerability is difficult to exploit and does not affect integrity or availability. Oracle references this vulnerability in its April 2026 Critical Patch Update advisory but does not explicitly state patch availability or remediation status for this specific issue.
Potential Impact
Successful exploitation of this vulnerability can lead to unauthorized read access to some data accessible by Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. There is no impact on integrity or availability. The attack requires local access with high complexity and no privileges or user interaction, limiting the practical risk. No known exploits in the wild have been reported.
Mitigation Recommendations
Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory, which contains numerous security patches. However, the advisory does not explicitly confirm the availability of a specific patch or fix for CVE-2026-22007. Therefore, patch status is not yet confirmed—check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly to mitigate vulnerabilities. Until a specific patch is confirmed, restrict local access to infrastructure running affected Oracle Java products to trusted users only.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-01-05T18:07:34.726Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e59e19fe3cd2cdf9f6d9
Added to database: 4/21/2026, 9:01:18 PM
Last enriched: 4/21/2026, 10:18:24 PM
Last updated: 4/22/2026, 6:06:51 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.