CVSS 7.5 · HIGH
CVE-2026-6918
In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.
Ver en NVDAnálisis
Eclipse OpenJ9 is a major JVM alternative frequently used in containerized and cloud environments. This vulnerability allows a remote, unauthenticated attacker to cause a denial of service by crashing the JITServer component with a minimal 32-byte payload.
Severidad
Puntaje: 7.5(HIGH)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HAV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: NONE
A: HIGH
Tipo de falla (CWE):
CWE-125EPSS
Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 11.5%
EPSS: 2026-05-06
Afecta
eclipse:openj9Descripción técnica
In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.
Publicada: 5/5/2026, 13:16:30
Última modificación: 5/5/2026, 20:08:58