Skip to main content

Eclipse Openj9

1 CVEs product

Monthly

CVE-2026-6918 HIGH PATCH This Week

Remote unauthenticated attackers can crash Eclipse OpenJ9 JITServer instances (versions 0.21-0.58) by sending a specially crafted 32-byte TCP message, triggering a buffer over-read (CWE-125) that causes denial of service. The vulnerability requires no authentication or user interaction, affecting any exposed JITServer endpoint. CVSS 8.7 (High) reflects the severe availability impact, though EPSS data is not available for this recent CVE. Exploit code is publicly available via GitHub PR #23793, which demonstrates the bounds-checking fix, though no active exploitation is confirmed at time of analysis.

Information Disclosure Buffer Overflow Eclipse Openj9
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote unauthenticated attackers can crash Eclipse OpenJ9 JITServer instances (versions 0.21-0.58) by sending a specially crafted 32-byte TCP message, triggering a buffer over-read (CWE-125) that causes denial of service. The vulnerability requires no authentication or user interaction, affecting any exposed JITServer endpoint. CVSS 8.7 (High) reflects the severe availability impact, though EPSS data is not available for this recent CVE. Exploit code is publicly available via GitHub PR #23793, which demonstrates the bounds-checking fix, though no active exploitation is confirmed at time of analysis.

Information Disclosure Buffer Overflow Eclipse Openj9
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy