1. 主頁
  2. 保安警報
  3. 保安警報 (A26-04-23)

高危保安警報 (A26-04-23): Oracle Java 及 Oracle 產品多個漏洞 (2026年4月)


 

發布日期: 2026年 4月 22日

描述:

Oracle 發布了重要修補程式更新公告,包括一系列應對 Java SE 和不同 Oracle 產品中多個安全漏洞的修補程式。有關安全性更新的列表,請參考以下網址:
https://www.oracle.com/security-alerts/cpuapr2026.html

有報告指一個遠端執行程式碼漏洞 (CVE-2021-45046) 正受到攻擊及概念驗證 (PoC) 程式碼的多個漏洞 (CVE-2022-45688、CVE-2023-1436、CVE-2023-34453、CVE-2023-46750、CVE-2024-6387、CVE-2024-29371、CVE-2024-31573、CVE-2025-0725、CVE-2025-15467、CVE-2025-24970、CVE-2025-26791、CVE-2025-27636、CVE-2025-35036、CVE-2025-53864、CVE-2025-54571、CVE-2025-58050、CVE-2025-58057、CVE-2025-58754、CVE-2025-59419、CVE-2025-61984、CVE-2025-65018、CVE-2025-67735、CVE-2025-68973、CVE-2026-0861、CVE-2026-21452、CVE-2026-22184、CVE-2026-23490、CVE-2026-25646、CVE-2026-27727、CVE-2026-27830 及 CVE-2026-33870) 已被公開。系統管理員應立即為受影響的系統安裝修補程式,以減低受到網絡攻擊的風險。

 

受影響的系統:

  • Oracle Java SE
  • Database
  • Fusion Applications and Middleware
  • NoSQL Database
  • Oracle Linux and Virtualization
  • Oracle MySQL Product Suite
  • Oracle and Sun Systems Products Suite

有關受影響產品的完整列表,請參閱以下網址:

https://www.oracle.com/security-alerts/cpuapr2026.html

 

影響:

成功利用漏洞可以導致受影響的系統發生遠端執行程式碼、服務被拒絕、權限提升、泄漏資訊、繞過保安限制或篡改。

 

建議:

現已有適用於受影響系統的修補程式。受影響系統的用戶應遵從產品供應商的建議,立即採取行動以降低風險。

Oracle Java SE 產品的修補程式可從以下連結下載:
Java Platform SE 8u481 (JDK 及 JRE)
Java Platform SE 8u481-b50 (JDK 及 JRE)
Java Platform SE 8u481-perf (JDK 及 JRE)
Java Platform SE 11.0.30 (JDK 及 JRE)
Java Platform SE 17.0.18 (JDK 及 JRE)
Java Platform SE 21.0.10 (JDK 及 JRE)
Java Platform SE 25.0.1 (JDK 及 JRE)
Java Platform SE 25.0.2 (JDK 及 JRE)
Java Platform SE 26 (JDK 及 JRE)

https://www.oracle.com/java/technologies/javase-downloads.html

OpenJDK 的修補程式可從以下連結下載:
https://jdk.java.net

用戶也可通過以下安全公告,以獲取其他 Oracle 產品安全更新方面的資訊:
https://www.oracle.com/security-alerts/cpuapr2026.html

用戶可聯絡其產品支援供應商,以取得修補程式及相關支援。

 

進一步資訊:

  • https://www.oracle.com/security-alerts/cpuapr2026.html
  • https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities_20260422
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17521
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0341
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22573
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28168
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45688
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1436
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26464
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34034
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34453
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35116
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44981
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46750
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52428
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8184
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13009
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29371
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31573
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36124
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45339
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51504
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56406
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1948
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5115
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5318
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5372
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7962
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8869
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8916
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11143
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12183
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12383
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12543
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15284
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24970
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26333
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26791
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27636
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27817
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27820 (to CVE-2025-27821)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31672
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31948
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33042
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-35036
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41242
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41248 (to CVE-2025-41249)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41253 (to CVE-2025-41254)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43967
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46392
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46762
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48734
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48795
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48913
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48924
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52967
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52999
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53643
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53864
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54571
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55130
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55163
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58050
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58057
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58098
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58754
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59419
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59465
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59775
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64775
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65082
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66418
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66453
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66566
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67635
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67735
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68161
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68431
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68615
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69223
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3288
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20652
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21452
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21939
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21945
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21997 (to CVE-2026-21999)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22001 (to CVE-2026-22011)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013 (to CVE-2026-22019)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021 (to CVE-2026-22022)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22184
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23490
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23865
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23903
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25210
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25968
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25990
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27099
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27727
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27830
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31790
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34266 (to CVE-2026-34310)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34312 (to CVE-2026-34315)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34317 (to CVE-2026-34321)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34323 (to CVE-2026-34325)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35229 (to CVE-2026-35232)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35234 (to CVE-2026-35252)


標籤 : Oracle , Java , Oracle Database , Fusion , Oracle NoSQL , Oracle Linux , MySQL , Sun Systems
標籤