CRaC JDK 17 vulnerabilities
Summary
Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. (CVE-2026-22016) It was discovered that the Networking component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-34282) It was discovered that the JSSE component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-22021) It was discovered that the JGSS component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-22013) It was discovered that the 2D component of CRaC JDK 17 did not correctly handle certain integer arithmetic. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to leak sensitive information. (CVE-2026-23865) It was discovered that the Libraries component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-22018) Ken Pyle discovered that Affected Ubuntu releases: 26.04, 25.10. CVEs: CVE-2026-34282, CVE-2026-22018, CVE-2026-22021, CVE-2026-22007, CVE-2026-22016, CVE-2026-34268, CVE-2026-22013, CVE-2026-23865.
- Ubuntu 26.04
- Ubuntu 25.10
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Mitigation checklist
- Apply available updates: `sudo apt update && sudo apt upgrade` (a standard system update installs the fix).
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.