UBUNTU-CVE-2026-22020

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2026-22020
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-22020.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-22020
Upstream
  • CVE-2026-22020
Published
2026-04-28T00:00:00Z
Modified
2026-06-05T23:45:05.655687597Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

[updated libpng in Oracle Java]

References

Affected packages

Ubuntu:16.04:LTS / openjdk-9

Package

Name
openjdk-9
Purl
pkg:deb/ubuntu/openjdk-9?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other
9~b88-1
9~b101-2ubuntu2
9~b102-1
9~b113-0ubuntu1
9~b114-0ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "9~b114-0ubuntu1",
            "binary_name": "openjdk-9-demo"
        },
        {
            "binary_version": "9~b114-0ubuntu1",
            "binary_name": "openjdk-9-jdk"
        },
        {
            "binary_version": "9~b114-0ubuntu1",
            "binary_name": "openjdk-9-jdk-headless"
        },
        {
            "binary_version": "9~b114-0ubuntu1",
            "binary_name": "openjdk-9-jre"
        },
        {
            "binary_version": "9~b114-0ubuntu1",
            "binary_name": "openjdk-9-jre-headless"
        },
        {
            "binary_version": "9~b114-0ubuntu1",
            "binary_name": "openjdk-9-source"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-22020.json"

Ubuntu:20.04:LTS / openjdk-13

Package

Name
openjdk-13
Purl
pkg:deb/ubuntu/openjdk-13?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other
13+33-1
13.*
13.0.1+9-2
13.0.2+8-1
13.0.2+8-2
13.0.3+3-1ubuntu2
13.0.4+8-1~20.04
13.0.7+5-0ubuntu1~20.04

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "13.0.7+5-0ubuntu1~20.04",
            "binary_name": "openjdk-13-demo"
        },
        {
            "binary_version": "13.0.7+5-0ubuntu1~20.04",
            "binary_name": "openjdk-13-jdk"
        },
        {
            "binary_version": "13.0.7+5-0ubuntu1~20.04",
            "binary_name": "openjdk-13-jdk-headless"
        },
        {
            "binary_version": "13.0.7+5-0ubuntu1~20.04",
            "binary_name": "openjdk-13-jre"
        },
        {
            "binary_version": "13.0.7+5-0ubuntu1~20.04",
            "binary_name": "openjdk-13-jre-headless"
        },
        {
            "binary_version": "13.0.7+5-0ubuntu1~20.04",
            "binary_name": "openjdk-13-jre-zero"
        },
        {
            "binary_version": "13.0.7+5-0ubuntu1~20.04",
            "binary_name": "openjdk-13-source"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-22020.json"

Ubuntu:20.04:LTS / openjdk-16

Package

Name
openjdk-16
Purl
pkg:deb/ubuntu/openjdk-16?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

16.*
16.0.1+9-1~20.04

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "16.0.1+9-1~20.04",
            "binary_name": "openjdk-16-demo"
        },
        {
            "binary_version": "16.0.1+9-1~20.04",
            "binary_name": "openjdk-16-jdk"
        },
        {
            "binary_version": "16.0.1+9-1~20.04",
            "binary_name": "openjdk-16-jdk-headless"
        },
        {
            "binary_version": "16.0.1+9-1~20.04",
            "binary_name": "openjdk-16-jre"
        },
        {
            "binary_version": "16.0.1+9-1~20.04",
            "binary_name": "openjdk-16-jre-headless"
        },
        {
            "binary_version": "16.0.1+9-1~20.04",
            "binary_name": "openjdk-16-jre-zero"
        },
        {
            "binary_version": "16.0.1+9-1~20.04",
            "binary_name": "openjdk-16-source"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-22020.json"

Ubuntu:Pro:20.04:LTS / openjdk-21

Package

Name
openjdk-21
Purl
pkg:deb/ubuntu/openjdk-21?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

21.*
21.0.1+12-2~20.04.1
21.0.2+13-1~20.04.1
21.0.3+9-1ubuntu1~20.04.1
21.0.4+7-1ubuntu2~20.04
21.0.5+11-1ubuntu1~20.04
21.0.6+7-1~20.04.1
21.0.7+6~us1-0ubuntu1~20.04
21.0.8+9~us1-0ubuntu1~20.04.1
21.0.9+10-1~20.04
21.0.10+7-1~20.04
21.0.11+10-1~20.04.2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "21.0.11+10-1~20.04.2",
            "binary_name": "openjdk-21-demo"
        },
        {
            "binary_version": "21.0.11+10-1~20.04.2",
            "binary_name": "openjdk-21-jdk"
        },
        {
            "binary_version": "21.0.11+10-1~20.04.2",
            "binary_name": "openjdk-21-jdk-headless"
        },
        {
            "binary_version": "21.0.11+10-1~20.04.2",
            "binary_name": "openjdk-21-jre"
        },
        {
            "binary_version": "21.0.11+10-1~20.04.2",
            "binary_name": "openjdk-21-jre-headless"
        },
        {
            "binary_version": "21.0.11+10-1~20.04.2",
            "binary_name": "openjdk-21-jre-zero"
        },
        {
            "binary_version": "21.0.11+10-1~20.04.2",
            "binary_name": "openjdk-21-source"
        },
        {
            "binary_version": "21.0.11+10-1~20.04.2",
            "binary_name": "openjdk-21-testsupport"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-22020.json"

Ubuntu:22.04:LTS / openjdk-18

Package

Name
openjdk-18
Purl
pkg:deb/ubuntu/openjdk-18?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other
18~15ea-4
18~20ea-1
18~32ea-1
18~36ea-1
18.*
18.0.2+9-2~22.04

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "18.0.2+9-2~22.04",
            "binary_name": "openjdk-18-demo"
        },
        {
            "binary_version": "18.0.2+9-2~22.04",
            "binary_name": "openjdk-18-jdk"
        },
        {
            "binary_version": "18.0.2+9-2~22.04",
            "binary_name": "openjdk-18-jdk-headless"
        },
        {
            "binary_version": "18.0.2+9-2~22.04",
            "binary_name": "openjdk-18-jre"
        },
        {
            "binary_version": "18.0.2+9-2~22.04",
            "binary_name": "openjdk-18-jre-headless"
        },
        {
            "binary_version": "18.0.2+9-2~22.04",
            "binary_name": "openjdk-18-jre-zero"
        },
        {
            "binary_version": "18.0.2+9-2~22.04",
            "binary_name": "openjdk-18-source"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-22020.json"