CVE-2026-21947
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-20

Last updated on: 2026-01-29

Assigner: Oracle

Description
Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-01-29
Generated
2026-05-07
AI Q&A
2026-01-21
EPSS Evaluated
2026-05-05
NVD
CVE-2026-21947
EUVD
EUVD-2026-3562
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
oracle jdk 1.8.0
oracle jre 1.8.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Oracle Java SE's JavaFX component, specifically affecting version 8u471-b50. It is a difficult to exploit issue that allows an unauthenticated attacker with network access through multiple protocols to compromise Oracle Java SE. Exploitation requires human interaction from someone other than the attacker. The vulnerability affects Java deployments that run untrusted code in sandboxed environments, such as Java Web Start applications or applets, and can lead to unauthorized update, insert, or delete access to some accessible data within Oracle Java SE. It does not affect server deployments running only trusted code.


How can this vulnerability impact me? :

If exploited, this vulnerability can allow an attacker to perform unauthorized modifications (update, insert, or delete) to certain data accessible by Oracle Java SE. This could compromise the integrity of the data within affected Java applications. However, exploitation is difficult and requires user interaction, and it only affects client-side Java deployments running untrusted code.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, avoid running untrusted Java Web Start applications or sandboxed Java applets that load untrusted code from the internet. Ensure that only trusted code installed by an administrator is run, especially on servers. Applying updates or patches from Oracle when available is also recommended.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart