CVE-2026-22008
Integrity Vulnerability in Oracle Java SE Libraries via Network Access
Publication date: 2026-04-21
Last updated on: 2026-04-23
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | jdk | 25.0.1 |
| oracle | jre | 25.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an unauthenticated attacker with network access to perform unauthorized update, insert, or delete operations on some Oracle Java SE accessible data. This unauthorized data modification could potentially impact the integrity of data handled by applications using the affected Java SE version.
However, the provided information does not specify any direct impact on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in Oracle Java SE version 25.0.1, specifically in its Libraries component. It is a difficult to exploit flaw that allows an unauthenticated attacker with network access through multiple protocols to compromise Oracle Java SE. The vulnerability affects Java deployments that run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets that rely on the Java sandbox for security. It does not affect Java deployments that run only trusted code, like those installed by an administrator.
Successful exploitation can result in unauthorized update, insert, or delete access to some of the data accessible by Oracle Java SE.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to perform unauthorized modificationsβsuch as updates, inserts, or deletionsβon data accessible by Oracle Java SE. This could compromise the integrity of the data within affected Java applications that run untrusted code.
However, the vulnerability is rated with a CVSS base score of 3.7, indicating a low to moderate impact primarily on data integrity, and it is difficult to exploit.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that you do not run untrusted Java Web Start applications or sandboxed Java applets that load untrusted code from the internet.
Avoid using affected Oracle Java SE version 25.0.1 in environments where untrusted code is executed.
Prefer Java deployments that load and run only trusted code installed by an administrator, typically in server environments.