Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-22816
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-16 Jan, 2026 | 23:15
Updated At-18 Feb, 2026 | 16:17

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these exceptions, Gradle would continue to the next repository in the list and potentially resolve dependencies from a different repository. If a Gradle build used an unresolvable host name, Gradle would continue to work as long as all dependencies could be resolved from another repository. An unresolvable host name could be caused by allowing a repository's domain name registration to lapse or typo-ing the real domain name. This behavior could allow an attacker to register a service under the host name used by the build and serve malicious artifacts. The attack requires the repository to be listed before others in the build configuration. Gradle has introduced a change in behavior in Gradle 9.3.0 to stop searching other repositories when encountering these errors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.6HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Gradle, Inc.
gradle
>>gradle>>Versions before 8.14.4(exclusive)
cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*
Gradle, Inc.
gradle
>>gradle>>Versions from 9.0.0(inclusive) to 9.3.0(exclusive)
cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-494Primarysecurity-advisories@github.com
CWE-829Primarysecurity-advisories@github.com
CWE ID: CWE-494
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-829
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/gradle/gradle/commit/e5707d0d8fce3d768c9c489004700d78eab1773asecurity-advisories@github.com
Patch
https://github.com/gradle/gradle/security/advisories/GHSA-w78c-w6vf-rw82security-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/gradle/gradle/commit/e5707d0d8fce3d768c9c489004700d78eab1773a
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/gradle/gradle/security/advisories/GHSA-w78c-w6vf-rw82
Source: security-advisories@github.com
Resource:
Vendor Advisory
Change History
0Changes found
Details not found