CVE-2026-21975
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | java_virtual_machine | From 19.3 (inc) to 19.29 (inc) |
| oracle | java_virtual_machine | From 21.3 (inc) to 21.20 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Java VM component of Oracle Database Server versions 19.3-19.29 and 21.3-21.20. It allows a high privileged attacker with authenticated user access and network access via Oracle Net to compromise the Java VM. Exploiting this vulnerability requires human interaction from someone other than the attacker. Successful exploitation can cause the Java VM to hang or repeatedly crash, resulting in a denial of service.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker with high privileges and authenticated network access to cause the Java VM component of your Oracle Database Server to hang or crash repeatedly. This leads to a denial of service condition, potentially disrupting database operations and availability.