OpenJDK Vulnerability Advisory: 2026/01/20
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 25.0.1, 21.0.9, 17.0.17, 11.0.29, 8u472, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
| Affects ... | |||||||
|---|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 Vector | 8 | 11 | 17 | 21 | 25 |
| CVE-2026-21945 | security-libs/ java.security | 7.5 NLNNUNNH | • | • | • | • | • |
| CVE-2026-21932 | client-libs/ java.awt | 7.4 NLNRCNHN | • | • | • | • | • |
| CVE-2026-21933 | core-libs/ java.net | 6.1 NLNRCLLN | • | • | • | • | • |
| CVE-2026-21925 | core-libs/ java.rmi | 4.8 NHNNULLN | • | • | • | • | • |
OpenJFX Risk matrix
| Affects ... | |||||
|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 Vector | 17 | 21 | 25 |
| CVE-2025-43368 | javafx/ web | 7.5 NHNRUHHH | • | • | • |
| CVE-2025-7425 | javafx/ web | 7.5 NHNRUHHH | • | • | • |
| CVE-2025-6021 | javafx/ web | 5.9 NHNNUNNH | • | • | • |
| CVE-2025-6052 | javafx/ media | 3.7 NHNNUNNL | • | • | • |
| CVE-2026-21947 | javafx/ web | 3.1 NHNRUNLN | • | • | • |
| CVE-2025-47219 | javafx/ media | 3.1 NHNRULNN | • | • | • |
Acknowledgements
We acknowledge the following parties for their reports and contributions: 1UE B1U3R, Ben Smith, Luca Kellermann, and Mingijung.
We also thank the Leads of the JDK 8 Updates, JDK 11 Updates, JDK 17 Updates, JDK 21 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.
Last update: 2026/01/20 17:44 UTC
