CVSS 3.1 Score 5.9 of 10 (medium)


Published Jan 16, 2024
Updated: Feb 2, 2024


CVE-2024-20926 is a vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products. The affected versions include Oracle Java SE 8u391, 8u391-perf, and 11.0.21; Oracle GraalVM for JDK 17.0.9; and Oracle GraalVM Enterprise Edition 20.3.12, 21.3.8, and 22.3.4. The vulnerability allows an unauthenticated attacker with network access to compromise these products and potentially gain unauthorized access to critical data or complete access to all data accessible within them. It can be exploited through APIs in the specified component or via Java deployments running sandboxed Java Web Start applications. The impact score of this vulnerability is rated medium, with a high confidentiality impact and an exploitability score of 2.2 out of 10.
