This Red Hat security advisory (RHSA-2026:11403) announces an update for Red Hat Hardened Images RPMs, specifically for the java-21-openjdk-portable packages across aarch64 and x86_64 platforms. The update addresses multiple vulnerabilities identified by seven CVEs, including CVE-2026-22007 and others. The advisory lists the updated RPM versions but does not explicitly confirm the presence of fixes or detailed vulnerability descriptions. The vulnerabilities are associated with CWEs such as CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), CWE-319 (Cleartext Transmission of Sensitive Information), CWE-611 (Improper Restriction of XML External Entity Reference), CWE-125 (Out-of-bounds Read), CWE-674 (Uncontrolled Recursion), and CWE-835 (Loop with Unreachable Exit Condition). No known exploits in the wild are reported. The advisory directs users to Red Hat's image update site for applying the update.

The vulnerabilities addressed by this advisory are rated as high severity and affect Red Hat Hardened Images RPMs, particularly the java-21-openjdk-portable packages. The associated CWEs suggest potential risks including cryptographic weaknesses, information exposure, XML external entity injection, memory safety issues, and logic errors that could impact confidentiality, integrity, or availability. However, no known exploits in the wild have been reported, and the advisory does not provide specific impact scenarios or exploitation details.

The advisory provides updated RPM packages for the affected java-21-openjdk-portable components. Users should apply the provided updates to their Red Hat Hardened Images environments to address the vulnerabilities. Since the advisory references updated RPM versions, this indicates that fixes are available. For detailed instructions and to obtain the updates, users should refer to the official Red Hat image update site at https://images.redhat.com/. No additional mitigation steps are specified in the advisory.