OpenJDK Vulnerability Advisory: 2026/01/20
Andrew H. Gross
andrew.gross at oracle.com
Wed Jan 21 18:56:54 UTC 2026
OpenJDK Vulnerability Advisory: 2026/01/20
vuln-report at openjdk.org
https://openjdk.org/groups/vulnerability/advisories
Releases affected: 8, 11, 17, 21, and 25
OpenJDK CVEs:
CVE-2026-21925 CVE-2026-21932 CVE-2026-21933 CVE-2026-21945
OpenJFX CVEs:
CVE-2025-43368 CVE-2025-47219 CVE-2025-6021 CVE-2025-6052
CVE-2025-7425 CVE-2026-21947
Please note that defense-in-depth issues are not assigned CVEs.
These issues have been addressed, as applicable, in the following releases:
8u482, 11.0.30, 17.0.18, 21.0.10, and 25.0.2
We recommend that you upgrade to these new releases as soon as possible.
For more detail about this advisory, please see:
https://openjdk.org/groups/vulnerability/advisories/2026-01-20
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x27F209491C0FE9C1.asc
Type: application/pgp-keys
Size: 4134 bytes
Desc: OpenPGP public key
URL: <https://mail.openjdk.org/pipermail/vuln-announce/attachments/20260121/62b143a0/OpenPGP_0x27F209491C0FE9C1.asc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://mail.openjdk.org/pipermail/vuln-announce/attachments/20260121/62b143a0/OpenPGP_signature.asc>
More information about the vuln-announce
mailing list