{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T14:46:07.137","vulnerabilities":[{"cve":{"id":"CVE-2026-22865","sourceIdentifier":"security-advisories@github.com","published":"2026-01-16T23:15:50.280","lastModified":"2026-02-18T16:16:01.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these exceptions, Gradle would continue to the next repository in the list and potentially resolve dependencies from a different repository. An exception like NoHttpResponseException can indicate transient errors. If the errors persist after a maximum number of retries, Gradle would continue to the next repository. This behavior could allow an attacker to disrupt the service of a repository and leverage another repository to serve malicious artifacts. This attack requires the attacker to have control over a repository after the disrupted repository. Gradle has introduced a change in behavior in Gradle 9.3.0 to stop searching other repositories when encountering these errors."},{"lang":"es","value":"Gradle es una herramienta de automatización de compilación, y su herramienta de plataforma nativa proporciona enlaces Java para APIs nativas. Al resolver dependencias en versiones anteriores a la 9.3.0, algunas excepciones no se trataban como errores fatales y no causarían la deshabilitación de un repositorio. Si una compilación encontraba una de estas excepciones, Gradle continuaría con el siguiente repositorio de la lista y potencialmente resolvería dependencias de un repositorio diferente. Una excepción como NoHttpResponseException puede indicar errores transitorios. Si los errores persisten después de un número máximo de reintentos, Gradle continuaría con el siguiente repositorio. Este comportamiento podría permitir a un atacante interrumpir el servicio de un repositorio y aprovechar otro repositorio para servir artefactos maliciosos. Este ataque requiere que el atacante tenga control sobre un repositorio después del repositorio interrumpido. Gradle ha introducido un cambio de comportamiento en Gradle 9.3.0 para dejar de buscar en otros repositorios al encontrar estos errores."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-494"},{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*","versionEndExcluding":"8.14.4","matchCriteriaId":"641EFE35-6227-4F41-A541-BB1B5410310E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.3.0","matchCriteriaId":"734289A3-4267-4B9A-B4C0-1BC498FDC907"}]}]}],"references":[{"url":"https://github.com/gradle/gradle/security/advisories/GHSA-mqwm-5m85-gmcv","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}