Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Oracle Java SE JDK and JRE Scripting Component Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability has been identified in the Java Runtime Environment (JRE) component of Oracle Java SE JDK and JRE 6 Update 27 and earlier, as well as JDK and JRE 7. This vulnerability allows remote, untrusted Java Web Start applications and applets to execute arbitrary code, potentially leading to unauthorized actions on behalf of the user.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the affected system.

Remediation

Users can upgrade to Oracle Java SE JDK and JRE 6 Update 31 or 7 Update 3. Instructions for downloading the latest Java SE release are available on the Oracle Java SE Downloads page. For Red Hat users, the updated java-1.6.0-ibm packages that fix this vulnerability are available through the Red Hat Network.
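
A version check against the remediation levels above, added here as an example (it is not Oracle's or Red Hat's tooling). The function name and result labels are assumptions, and only Oracle-style 1.N.0_UU version strings are interpreted.

```shell
#!/bin/sh
# Added example: classify a Java version string against the remediation
# levels named in this advisory (6 Update 31, 7 Update 3).
# Assumption: Oracle-style legacy strings such as 1.6.0_27 or 1.7.0_02-b13.
# Vendor builds with their own numbering (for example the java-1.6.0-ibm
# packages) should be checked through the package manager instead.
# Prints: update-required | remediated | out-of-scope | unparseable
classify_java_version() {
    v=${1%%-*}                      # drop build suffix such as "-b13"
    case $v in
        1.*)    ;;                  # legacy 1.N.0_UU scheme
        [0-9]*) echo out-of-scope; return ;;   # 9, 11.0.2, 17.0.1, ...
        *)      echo unparseable; return ;;
    esac
    rest=${v#1.}
    family=${rest%%.*}              # "6" from "6.0_27"
    case $v in
        *_*) update=${v##*_} ;;     # digits after the underscore
        *)   update=0 ;;            # base release, e.g. 1.7.0
    esac
    case $family in ''|*[!0-9]*) echo unparseable; return ;; esac
    case $update in ''|*[!0-9]*) echo unparseable; return ;; esac
    # Strip leading zeros so "08" is compared as decimal 8.
    while [ "${update#0}" != "$update" ]; do update=${update#0}; done
    update=${update:-0}
    case $family in
        6) min=31 ;;                # fixed in 6 Update 31
        7) min=3 ;;                 # fixed in 7 Update 3
        *) echo out-of-scope; return ;;   # not covered by this advisory
    esac
    if [ "$update" -lt "$min" ]; then
        echo update-required
    else
        echo remediated
    fi
}

# Check the java binary on PATH, if there is one (version goes to stderr).
if command -v java >/dev/null 2>&1; then
    ver=$(java -version 2>&1 | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    echo "java ${ver:-?}: $(classify_java_version "$ver")"
fi
```

The check covers only the binary found on PATH; hosts with several JRE installations, including browser plug-in copies, need each one checked.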

Added: May 15, 2026, 1:08 PM
Updated: May 15, 2026, 1:08 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 10.0
exploitability: 6.1
remediation: 8.3
relevance: 0.0
threat: 9.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.