CVE-2026-21975
📋 TL;DR
This vulnerability in the Java VM component of Oracle Database Server allows an authenticated attacker with high privileges and network access via Oracle Net to cause a denial of service (DoS) by crashing or hanging the Java VM. Exploitation requires human interaction from a person other than the attacker. Affected versions are Oracle Database Server 19.3-19.29 and 21.3-21.20.
💻 Affected Systems
- Oracle Database Server
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for Java VM functionality, potentially disrupting database operations that rely on Java stored procedures or Java-based components.
Likely Case
Targeted DoS attacks against specific database instances by malicious insiders or compromised accounts, causing service disruption until manual recovery.
If Mitigated
Limited impact due to network segmentation, privilege restrictions, and prompt patching, with only minor service interruptions.
🎯 Exploit Status
CVSS rates the vulnerability 'easily exploitable', but it requires high privileges and human interaction from a person other than the attacker.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply patches from Oracle Critical Patch Update Advisory January 2026
Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2026.html
Restart Required: Yes
Instructions:
1. Download the appropriate patch from My Oracle Support.
2. Apply the patch following Oracle's patch installation procedures.
3. Restart the database instances.
4. Verify that the patch was applied.
🔧 Temporary Workarounds
Restrict network access to Oracle Net
Platform: Linux. Limit network access to Oracle Database servers to trusted sources only, using firewall rules.
# Example iptables rules (replace trusted_ip with the address or range of your trusted clients; 1521 is the default Oracle Net listener port, adjust if the listener is on another port)
iptables -A INPUT -p tcp --dport 1521 -s trusted_ip -j ACCEPT
# Then drop all other connections to the listener port (the ACCEPT rule must come before the DROP rule, since iptables matches in order)
iptables -A INPUT -p tcp --dport 1521 -j DROP
Reduce Java VM privileges
Platform: all. Review and minimize Java VM user privileges to only the functions that are required.
-- Review the Java permissions currently granted in the database's Java policy
SELECT * FROM DBA_JAVA_POLICY;
-- Revoke unnecessary privileges as needed
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Oracle Database servers from untrusted networks
- Enforce principle of least privilege for database users and monitor for suspicious Java VM activity
🔍 How to Verify
Check if Vulnerable:
Check the Oracle Database version with: SELECT * FROM v$version;
If the version is between 19.3-19.29 or 21.3-21.20, the system is vulnerable.
Check Version:
sqlplus / as sysdba <<< 'SELECT * FROM v$version;'
(Single quotes are required: inside double quotes the shell would expand $version to an empty string and the query would fail.)
Verify Fix Applied:
Verify patch application with: SELECT * FROM dba_registry_history WHERE action='APPLY';
Check the output for the January 2026 CPU patches.
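To take the guesswork out of the version check above, the following added helper (not part of this advisory or Oracle's tooling) parses the BANNER_FULL text returned by v$version and tests the release update against the affected ranges listed on this page. It assumes the "Version MAJOR.RU.0.0.0" line that 18c and later banners carry; the sample banners are constructed.

```python
import re
from typing import Optional, Tuple

# Affected ranges exactly as the advisory states them: major -> (first RU, last RU)
AFFECTED_RANGES = {19: (3, 29), 21: (3, 20)}

# BANNER_FULL reports e.g. "Release 19.0.0.0.0 - Production\nVersion 19.21.0.0.0";
# only the "Version" line carries the release update (RU) number we need.
_VERSION_RE = re.compile(r"\bVersion\s+(\d+)\.(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, release_update) from a v$version banner, or None if absent."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2))


def is_affected(banner: str) -> Optional[bool]:
    """True if the banner falls in an affected range, False if outside all of them,
    None when the banner has no full version line (cannot decide from it)."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    major, ru = parsed
    if major not in AFFECTED_RANGES:
        return False
    first, last = AFFECTED_RANGES[major]
    return first <= ru <= last


# Constructed sample banners (not captured from real systems)
SAMPLE_BANNERS = {
    "19c RU 21": "Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production\nVersion 19.21.0.0.0",
    "19c RU 30": "Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production\nVersion 19.30.0.0.0",
    "21c RU 3": "Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production\nVersion 21.3.0.0.0",
    "12c (no RU line)": "Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production",
}

if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        verdict = {True: "AFFECTED", False: "not in affected range", None: "undetermined"}[is_affected(banner)]
        print(f"{name}: {verdict}")
```

The version alone does not prove the January 2026 CPU is present, so pair this check with the dba_registry_history query above.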
📡 Detection & Monitoring
Log Indicators:
- Java VM crash logs in alert.log
- Unexpected Java process termination
- ORA- errors related to Java execution
Network Indicators:
- Multiple connection attempts to Oracle Net port 1521 followed by Java VM failures
SIEM Query:
source="alert.log" AND ("Java VM" OR "JVM") AND ("crash" OR "hang" OR "terminated")