CVE-2022-21299: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supp
medium vulnerability
security
Summary
A vulnerability (CVE-2022-21299) exists in the JAXP component (a Java library for processing XML) of Oracle Java SE and Oracle GraalVM Enterprise Edition, affecting versions such as Java 8u311 and 11.0.13. An unauthenticated attacker can exploit it over the network to cause a partial denial of service in affected Java applications, especially those running untrusted code from the internet.
Vulnerability Details
CVSS Score
5.3 (medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
availability
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-21299
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%