This advisory covers an update to Red Hat Hardened Images RPMs involving numerous java-25-openjdk packages. The update relates to a collection of vulnerabilities including CVE-2026-22007 and six others (CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-34268, CVE-2026-34282). The vulnerabilities correspond to several CWEs such as CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), CWE-319 (Cleartext Transmission of Sensitive Information), CWE-611 (Improper Restriction of XML External Entity Reference), CWE-125 (Out-of-bounds Read), CWE-674 (Uncontrolled Recursion), and CWE-835 (Loop with Unreachable Exit Condition). The advisory does not specify detailed technical fixes or patch availability but provides updated RPM versions. No CVSS score is provided.

The vulnerabilities addressed are considered high severity and involve multiple security weaknesses in cryptographic usage, data transmission, XML processing, memory handling, and control flow within the affected java-25-openjdk packages. Exploitation could potentially lead to security breaches related to these weaknesses. However, there are no known exploits in the wild reported at this time. The update aims to improve security posture by fixing bugs and enhancing the hardened images RPMs.

Red Hat has released updated RPM packages for java-25-openjdk and related components to address these issues. Users of Red Hat Hardened Images should apply the update as provided by Red Hat following the instructions at https://images.redhat.com/. Since this is an official Red Hat security advisory with an update available, applying the update is the recommended remediation. No additional mitigation steps are indicated or required beyond applying the update.