CVE-2026-6918

Summary

In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.

Affected Software

VendorProductVersion RangeStatus
Eclipse FoundationEclipse OpenJ90.21 < 0.59affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

Eclipse Open9J: Denial of Service in JITServer via crafted TCP message

Additional References

References