Multiple OpenJDK Versions Exposed to Remote Information Theft Vulnerabilities

Multiple OpenJDK Versions Exposed to Remote Information Theft Vulnerabilities

First seen 3 Feb 2026, 08:35 UTC UbuntuLinuxsecurity 77% similarity 65.6

Article Content

Browse articles
ThreatCluster

Vulnerabilities have been identified in OpenJDK versions 8, 11, and 21, as well as CRaC JDK 21. The RMI component in these versions allows unauthenticated remote attackers to establish TCP endpoint connections without proper endpoint identification, potentially leading to sensitive information theft. The issues were discovered by researcher Mingijung and are associated with CVE-2026-21925.

ThreatCluster AI

Community

Browse all →