CVE-2026-34282
Denial of Service in Oracle Java SE Networking Component
Publication date: 2026-04-21
Last updated on: 2026-04-27
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | jre | 1.8.0 |
| oracle | jre | 11.0.30 |
| oracle | jre | 17.0.18 |
| oracle | jre | 21.0.10 |
| oracle | jre | 25.0.2 |
| oracle | jre | 26 |
| oracle | jdk | 1.8.0 |
| oracle | jdk | 11.0.30 |
| oracle | jdk | 17.0.18 |
| oracle | jdk | 21.0.10 |
| oracle | jdk | 25.0.2 |
| oracle | jdk | 26 |
| oracle | graalvm | 21.3.17 |
| oracle | graalvm_for_jdk | 17.0.18 |
| oracle | graalvm_for_jdk | 21.0.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Networking component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. It affects multiple supported versions of these products.
An unauthenticated attacker with network access via multiple protocols can exploit this vulnerability easily. The attack can be carried out by using APIs in the affected component, such as through a web service that supplies data to these APIs.
The vulnerability also applies to Java deployments that run sandboxed Java Web Start applications or sandboxed Java applets which load and run untrusted code, typically from the internet, relying on the Java sandbox for security.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can result in an unauthorized ability to cause a hang or a frequently repeatable crash, leading to a complete denial of service (DoS) of the affected Oracle Java SE, Oracle GraalVM for JDK, or Oracle GraalVM Enterprise Edition.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an unauthenticated attacker with network access to cause a denial of service (DoS) by hanging or crashing the affected Oracle Java SE and GraalVM products. However, it does not impact confidentiality or integrity of data.
Since the vulnerability does not result in unauthorized access to or modification of data, it primarily affects availability. Compliance standards like GDPR and HIPAA emphasize the protection of confidentiality, integrity, and availability of data. This vulnerability could impact availability requirements under these regulations if exploited, potentially causing service disruptions.
There is no direct information provided about specific compliance impacts or mitigation measures related to these standards.