AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-22016: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE

highvulnerability

security

Source: NVD/CVE DatabaseApril 21, 2026CVE-2026-22016

Summary

A serious vulnerability in Oracle Java SE and related products (JAXP component, which handles XML processing) allows attackers on the network to access sensitive data without needing to log in or interact with a user. The flaw affects multiple versions of Java and can be exploited through web services or untrusted code loaded in Java applications, with a CVSS score (0-10 severity rating) of 7.5 indicating high risk for data theft.

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

network

Attack Complexity

low

Privileges Required

none

User Interaction

none

Disclosure Date

April 21, 2026

Classification

Attack Type

Data Extraction

Attack SophisticationTrivial

Impact (CIA+S)

confidentiality

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

Similar attack

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-22016

First tracked: April 21, 2026 at 08:09 PM

Classified by LLM (prompt v3) · confidence: 65%