製品・ソフトウェアに関する情報

JVN脆弱性詳細

Hitachi Command Suite製品, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics AdvisorおよびHitachi Ops Center製品における複数の脆弱性

タイトル	Hitachi Command Suite製品, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics AdvisorおよびHitachi Ops Center製品における複数の脆弱性
概要	Hitachi Command Suite製品, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics AdvisorおよびHitachi Ops Center製品に複数の脆弱性が存在します。 CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282
想定される影響	想定される影響については、ベンダ情報をご確認ください。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2026年5月26日0:00
登録日	2026年5月27日13:53
最終更新日	2026年5月27日13:53

影響を受けるシステム

日立

Hitachi Automation Director Linux すべてのバージョン

Hitachi Automation Director Windows すべてのバージョン

Hitachi Compute Systems Manager Linux すべてのバージョン

Hitachi Compute Systems Manager Windows すべてのバージョン

Hitachi Configuration Manager Linux すべてのバージョン

Hitachi Configuration Manager Windows すべてのバージョン

Hitachi Device Manager Device Manager エージェント Linux すべてのバージョン

Hitachi Device Manager Device Manager エージェント Windows すべてのバージョン

Hitachi Device Manager Device Manager サーバ Linux すべてのバージョン

Hitachi Device Manager Device Manager サーバ Windows すべてのバージョン

Hitachi Device Manager Host Data Collector Linux すべてのバージョン

Hitachi Device Manager Host Data Collector Windows すべてのバージョン

Hitachi Dynamic Link Manager Linux 9.0.0-00未満

Hitachi Dynamic Link Manager VMware 9.0.0-00未満

Hitachi Dynamic Link Manager Windows 9.0.0-00未満

Hitachi Global Link Manager Windows すべてのバージョン

Hitachi Infrastructure Analytics Advisor (海外販売のみ) Analytics probe server Linux すべてのバージョン

Hitachi Infrastructure Analytics Advisor (海外販売のみ) Hitachi Infrastructure Analytics Advisor Linux すべてのバージョン

Hitachi Infrastructure Analytics Advisor (海外販売のみ) Hitachi Infrastructure Analytics Advisor Windows すべてのバージョン

Hitachi Ops Center Administrator (海外販売のみ) Linux すべてのバージョン

Hitachi Ops Center Analyzer (海外販売のみ) Analyzer detail view server Linux 11.0.2-00以降

Hitachi Ops Center Analyzer (海外販売のみ) Analyzer probe server Linux 11.0.2-00以降

Hitachi Ops Center Analyzer (海外販売のみ) Hitachi Ops Center Analyzer Linux すべてのバージョン

Hitachi Ops Center Analyzer (海外販売のみ) Hitachi Ops Center Analyzer Windows すべてのバージョン

Hitachi Ops Center Analyzer (海外販売のみ) RAID Agent Linux すべてのバージョン

Hitachi Ops Center Analyzer (海外販売のみ) RAID Agent Windows すべてのバージョン

Hitachi Ops Center Analyzer (海外販売のみ) Virtual Storage Software Agent Linux すべてのバージョン

Hitachi Ops Center Analyzer viewpoint (海外販売のみ) Linux すべてのバージョン

Hitachi Ops Center API Configuration Manager Linux すべてのバージョン

Hitachi Ops Center API Configuration Manager Windows すべてのバージョン

Hitachi Ops Center Automator Linux すべてのバージョン

Hitachi Ops Center Automator Windows すべてのバージョン

Hitachi Ops Center Common Services Linux すべてのバージョン

Hitachi Ops Center Common Services Windows すべてのバージョン

Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint data center proxy Linux すべてのバージョン

Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint data center proxy Windows すべてのバージョン

Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint Linux すべてのバージョン

Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint RAID Agent Linux すべてのバージョン

Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint RAID Agent Windows すべてのバージョン

Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint Windows すべてのバージョン

Hitachi Replication Manager Linux 9.0.0-00未満

Hitachi Replication Manager Windows 9.0.0-00未満

Hitachi Tiered Storage Manager Linux すべてのバージョン

Hitachi Tiered Storage Manager Windows すべてのバージョン

Hitachi Tuning Manager Hitachi Tuning Manager - Agent for NAS Linux 8.0.0-00以降

Hitachi Tuning Manager Hitachi Tuning Manager - Agent for NAS Windows 8.0.0-00以降

Hitachi Tuning Manager Hitachi Tuning Manager - Agent for RAID Linux 8.0.0-00以降

Hitachi Tuning Manager Hitachi Tuning Manager - Agent for RAID Windows 8.0.0-00以降

Hitachi Tuning Manager Hitachi Tuning Manager - Agent for SAN Switch Linux すべてのバージョン

Hitachi Tuning Manager Hitachi Tuning Manager - Agent for SAN Switch Windows すべてのバージョン

Hitachi Tuning Manager Hitachi Tuning Manager server Linux すべてのバージョン

Hitachi Tuning Manager Hitachi Tuning Manager server Windows すべてのバージョン

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-22007	https://www.cve.org/CVERecord?id=CVE-2026-22007
2	CVE-2026-22013	https://www.cve.org/CVERecord?id=CVE-2026-22013
3	CVE-2026-22016	https://www.cve.org/CVERecord?id=CVE-2026-22016
4	CVE-2026-22018	https://www.cve.org/CVERecord?id=CVE-2026-22018
5	CVE-2026-22021	https://www.cve.org/CVERecord?id=CVE-2026-22021
6	CVE-2026-23865	https://www.cve.org/CVERecord?id=CVE-2026-23865
7	CVE-2026-34268	https://www.cve.org/CVERecord?id=CVE-2026-34268
8	CVE-2026-34282	https://www.cve.org/CVERecord?id=CVE-2026-34282

ベンダー情報

No	名前	URL
ソフトウェア製品セキュリティ情報
1	hitachi-sec-2026-122	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2026-122/index.html

変更履歴

No	変更内容	変更日
1	[2026年05月27日] 掲載	2026年5月27日13:53

NVD脆弱性情報

CVE-2026-22007

概要	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
公表日	2026年4月22日6:16
登録日	2026年4月25日4:03
最終更新日	2026年4月27日21:14

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	https://www.oracle.com/security-alerts/cpuapr2026.html	secalert_us@oracle.com

共通脆弱性一覧

CVE-2026-22013

概要	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).
公表日	2026年4月22日6:16
登録日	2026年4月25日4:03
最終更新日	2026年4月27日21:15

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	https://www.oracle.com/security-alerts/cpuapr2026.html	secalert_us@oracle.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-693	保護メカニズムの不具合	https://cwe.mitre.org/data/definitions/693.html

CVE-2026-22016

概要	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
公表日	2026年4月22日6:16
登録日	2026年4月25日4:03
最終更新日	2026年4月27日21:16

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	https://www.oracle.com/security-alerts/cpuapr2026.html	secalert_us@oracle.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-200	情報漏えい	https://cwe.mitre.org/data/definitions/200.html
2	CWE-502	信頼性のないデータのデシリアライゼーション	https://cwe.mitre.org/data/definitions/502.html

CVE-2026-22018

概要	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
公表日	2026年4月22日6:16
登録日	2026年4月25日4:03
最終更新日	2026年4月27日21:17

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	https://www.oracle.com/security-alerts/cpuapr2026.html	secalert_us@oracle.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-770	制限またはスロットリング無しのリソースの割り当て	https://cwe.mitre.org/data/definitions/770.html

CVE-2026-22021

概要	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
公表日	2026年4月22日6:16
登録日	2026年4月25日4:03
最終更新日	2026年4月27日21:18

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	https://www.oracle.com/security-alerts/cpuapr2026.html	secalert_us@oracle.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-400	リソースの枯渇	https://cwe.mitre.org/data/definitions/400.html

CVE-2026-34268

概要	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
公表日	2026年4月22日6:16
登録日	2026年4月25日4:03
最終更新日	2026年4月27日21:19

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	https://www.oracle.com/security-alerts/cpuapr2026.html	secalert_us@oracle.com

共通脆弱性一覧

CVE-2026-34282

概要	Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
公表日	2026年4月22日6:16
登録日	2026年4月25日4:03
最終更新日	2026年4月27日21:20

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	https://www.oracle.com/security-alerts/cpuapr2026.html	secalert_us@oracle.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-400	リソースの枯渇	https://cwe.mitre.org/data/definitions/400.html

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:oracle:jre:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jre:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jre:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jre:11.0.30:::::::*
cpe:2.3:a:oracle:jre:17.0.18:::::::*
cpe:2.3:a:oracle:jre:21.0.10:::::::*
cpe:2.3:a:oracle:jre:25.0.2:::::::*
cpe:2.3:a:oracle:jre:26:::::::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::-:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481:::enterprise_performance_pack:::*
cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:::-:::*
cpe:2.3:a:oracle:jdk:11.0.30:::::::*
cpe:2.3:a:oracle:jdk:17.0.18:::::::*
cpe:2.3:a:oracle:jdk:21.0.10:::::::*
cpe:2.3:a:oracle:jdk:25.0.2:::::::*
cpe:2.3:a:oracle:jdk:26:::::::*
cpe:2.3:a:oracle:graalvm:21.3.17::::enterprise:::
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:::::::*
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:::::::*