CVE-2026-6918

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.

CWE	CWE-125
Vendor	eclipse foundation
Product	eclipse openj9
Published	May 5, 2026
Last Updated	May 5, 2026

Stay Ahead of the Next One

Get instant alerts for eclipse foundation eclipse openj9

Be the first to know when new unknown vulnerabilities affecting eclipse foundation eclipse openj9 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Eclipse Foundation / Eclipse OpenJ9

0.21 < 0.59

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/eclipse-openj9/openj9/security/advisories/GHSA-q393-vr4c-969r github.com: https://github.com/eclipse-openj9/openj9/pull/23793

Credits

Sebastian Josue Alba Vives