BELL-SA-2026:3: Liberica JDK / OpenJFX vulnerabilities fixed

Published: April 28, 2026Last modified: April 27, 2026

Description

Multiple security vulnerabilities were discovered in Liberica JDK product family. The following packages are affected: JDK, JDK Lite, Full JDK, JRE, Full JRE. Please follow the instructions in the Solution section to make sure that your system includes all the necessary updates. Additional details for all the related CVEs are available at the links below.

Solution

The following components must be updated to versions listed below ("Fixed" column). For update instructions please refer to the installation guides of the latest versions of the components.

Liberica JDK 26.0.1 build 10

https://docs.bell-sw.com/liberica-jdk/26.0.1b10/general/install-guide/

Liberica JDK 25.0.3 build 11

https://docs.bell-sw.com/liberica-jdk/25.0.3b11/general/install-guide/

Liberica JDK 21.0.11 build 11

https://docs.bell-sw.com/liberica-jdk/21.0.11b11/general/install-guide/

Liberica JDK 17.0.19 build 11

https://docs.bell-sw.com/liberica-jdk/17.0.19b11/general/install-guide/

Liberica JDK 11.0.31 build 11

https://docs.bell-sw.com/liberica-jdk/11.0.31b11/general/install-guide/

Liberica JDK 8u492 build 9

https://docs.bell-sw.com/liberica-jdk/8u492b9/general/install-guide/

In general, it is sufficient to update all Liberica JDK instances in the system by installing the corresponding updated version of the product (8u492, 11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1).

List of CVE identifiers

• CVE-2026-20652
• CVE-2026-22007
• CVE-2026-22008
• CVE-2026-22013
• CVE-2026-22016
• CVE-2026-22018
• CVE-2026-22021
• CVE-2026-23865
• CVE-2026-34268
• CVE-2026-34282