CVE-2026-21945

No Score

Description

A Blind Server-Side Request Forgery (SSRF) vulnerability exists in Oracle Java 21. The vulnerability, which leads to Denial of Service (DoS), is present in the X.509 certificate path validation mechanism when the non-default system property com.sun.security.enableAIAcaIssuers is set to true.

References

https://www.tenable.com/security/research/tra-2026-03

Details

Source: Mitre, NVD

Published: 2026-01-20