RHSA-2026:9690
Vulnerability from csaf_redhat - Published: 2026-04-23 16:10 - Updated: 2026-04-29 01:49Summary
Red Hat Security Advisory: OpenJDK 21.0.11 Security Update for Portable Linux Builds
Severity
Important
Notes
Topic: An update is now available for OpenJDK.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 21 (21.0.11) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 21 (21.0.10) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* JDK: Enhance crypto algorithm support (CVE-2026-22007)
* JDK: Improve Kerberos credentialing (CVE-2026-22013)
* JDK: Enhance Path Factories Redux (CVE-2026-22016)
* JDK: Enhance Zip file reading (CVE-2026-22018)
* JDK: Enhance certificate chain validation (CVE-2026-22021)
* JDK: Updating FreeType 2.14.1 (CVE-2026-23865)
* JDK: Enhance TLS connection handling (CVE-2026-34282)
* JDK: Enhance key generation (CVE-2026-34268)
Bug Fix(es):
* When copying files, OpenJDK 21 prefers to use the copy_file_range native function for performance reasons, only falling back to sendfile when this fails. However, in previous OpenJDK 21 releases, a response of EOPNOTSUPP (operation not supported) did not cause the JDK to fall back to sendfile. This is rectified in this release. (OPENJDK-4676)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
No description is available for this CVE.
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9690
No description is available for this CVE.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9690
No description is available for this CVE.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9690
No description is available for this CVE.
CWE-125 - Out-of-bounds Read
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9690
No description is available for this CVE.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9690
A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or denial of service.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9690
No description is available for this CVE.
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9690
No description is available for this CVE.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9690
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for OpenJDK.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 21 (21.0.11) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 21 (21.0.10) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* JDK: Enhance crypto algorithm support (CVE-2026-22007)\n\n* JDK: Improve Kerberos credentialing (CVE-2026-22013)\n\n* JDK: Enhance Path Factories Redux (CVE-2026-22016)\n\n* JDK: Enhance Zip file reading (CVE-2026-22018)\n\n* JDK: Enhance certificate chain validation (CVE-2026-22021)\n\n* JDK: Updating FreeType 2.14.1 (CVE-2026-23865)\n\n* JDK: Enhance TLS connection handling (CVE-2026-34282)\n\n* JDK: Enhance key generation (CVE-2026-34268)\n\nBug Fix(es):\n\n* When copying files, OpenJDK 21 prefers to use the copy_file_range native function for performance reasons, only falling back to sendfile when this fails. However, in previous OpenJDK 21 releases, a response of EOPNOTSUPP (operation not supported) did not cause the JDK to fall back to sendfile. This is rectified in this release. (OPENJDK-4676)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9690",
"url": "https://access.redhat.com/errata/RHSA-2026:9690"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/21/html/release_notes_for_red_hat_build_of_openjdk_21.0.11/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/21/html/release_notes_for_red_hat_build_of_openjdk_21.0.11/index"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9690.json"
}
],
"title": "Red Hat Security Advisory: OpenJDK 21.0.11 Security Update for Portable Linux Builds",
"tracking": {
"current_release_date": "2026-04-29T01:49:21+00:00",
"generator": {
"date": "2026-04-29T01:49:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.6"
}
},
"id": "RHSA-2026:9690",
"initial_release_date": "2026-04-23T16:10:07+00:00",
"revision_history": [
{
"date": "2026-04-23T16:10:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T16:10:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-29T01:49:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Build of OpenJDK 21.0.11",
"product": {
"name": "Red Hat Build of OpenJDK 21.0.11",
"product_id": "Red Hat Build of OpenJDK 21.0.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openjdk:21"
}
}
}
],
"category": "product_family",
"name": "OpenJDK"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22007",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460038"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance crypto algorithm support (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22007"
},
{
"category": "external",
"summary": "RHBZ#2460038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22007"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T16:10:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9690"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjdk: OpenJDK: Enhance crypto algorithm support (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22013",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460040"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Improve Kerberos credentialing (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22013"
},
{
"category": "external",
"summary": "RHBZ#2460040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22013",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22013"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T16:10:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9690"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: OpenJDK: Improve Kerberos credentialing (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22016",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460039"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance Path Factories Redux (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22016"
},
{
"category": "external",
"summary": "RHBZ#2460039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22016",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22016"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T16:10:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9690"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: OpenJDK: Enhance Path Factories Redux (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22018",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460041"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance Zip file reading (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22018"
},
{
"category": "external",
"summary": "RHBZ#2460041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22018"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T16:10:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9690"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjdk: OpenJDK: Enhance Zip file reading (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22021",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460042"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance certificate chain validation (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22021"
},
{
"category": "external",
"summary": "RHBZ#2460042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22021"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T16:10:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9690"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: OpenJDK: Enhance certificate chain validation (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-23865",
"discovery_date": "2026-03-02T17:01:54.514540+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "freetype: Freetype: Information disclosure or denial of service via specially crafted font files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a MODERATE impact vulnerability. An integer overflow in the Freetype library can lead to an out-of-bounds read when processing specially crafted OpenType variable fonts. Exploitation requires user interaction, such as opening a malicious font file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23865"
},
{
"category": "external",
"summary": "RHBZ#2443891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23865"
},
{
"category": "external",
"summary": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c",
"url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"
},
{
"category": "external",
"summary": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/",
"url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/"
},
{
"category": "external",
"summary": "https://www.facebook.com/security/advisories/cve-2026-23865",
"url": "https://www.facebook.com/security/advisories/cve-2026-23865"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-03-02T16:09:42.079000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T16:10:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9690"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "freetype: Freetype: Information disclosure or denial of service via specially crafted font files"
},
{
"cve": "CVE-2026-34268",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460043"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance key generation (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34268"
},
{
"category": "external",
"summary": "RHBZ#2460043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34268",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34268"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T16:10:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9690"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjdk: OpenJDK: Enhance key generation (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-34282",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460044"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance TLS connection handling (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34282"
},
{
"category": "external",
"summary": "RHBZ#2460044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34282"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T16:10:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9690"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: OpenJDK: Enhance TLS connection handling (Oracle CPU 2026-04)"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…