CVE-2026-22816
Published: 16 January 2026
Summary
CVE-2026-22816 is a high-severity Download of Code Without Integrity Check (CWE-494) vulnerability in Gradle. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Dependencies and Development Tools (T1195.001). By exploit likelihood it ranks at the 4.5th percentile (well below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SA-12 (Supply Chain Protection).
Deeper analysis
CVE-2026-22816 affects Gradle, a build automation tool, in versions before 9.3.0, specifically its dependency resolution process. The native-platform tool in Gradle provides Java bindings for native APIs; the flaw itself is in how resolution handled failures. Certain exceptions raised while contacting a repository, such as an unresolvable host name, were not treated as fatal and did not cause that repository to be disabled. Instead, Gradle moved on to the next repository in the configured list and could resolve the dependency from that alternative source, so a build pointing at a dead host kept working silently. The weakness maps to CWE-494 (Download of Code Without Integrity Check) and CWE-829 (Inclusion of Functionality from Untrusted Control Sphere). The CVSS v3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N yields a base score of 7.4; the 8.6 figure in the summary above comes from a separate score entry.
An attacker exploits this by registering a domain name that a build's repository configuration points at but that no longer resolves, either because the legitimate registration lapsed or because the URL contains a typo. No privileges on the target are required: the attacker only has to control the domain, host a repository on it, and be reachable from the build environment. The attack works only when that repository is listed before others in the configuration, because Gradle queries repositories in order; once the formerly dead host answers, it is asked first and can serve malicious artifacts for the build's dependencies. The result is a supply chain compromise in which tampered dependencies give arbitrary code execution in the build, affecting confidentiality and integrity.
The Gradle security advisory (GHSA-w78c-w6vf-rw82) and the associated commit (e5707d0d8fce3d768c9c489004700d78eab1773a) describe the fix shipped in Gradle 9.3.0: these exceptions are now treated as fatal, and resolution stops rather than falling through to the next repository. Practitioners should upgrade to Gradle 9.3.0 or later and, in every build, review the repository list for ordering, for misspelled domains, and for registrations that have lapsed. Gradle's dependency verification (checksum or signature checks on resolved artifacts, the practical form of the signed-components control listed above) is the complementary defence, since it rejects an artifact served from the wrong source even when the host resolves.
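The two review items above, repository order with dead host names and the pinned Gradle version, can be checked mechanically. The script below is an added example written for this page, not code from Gradle or from the advisory. It parses a repositories block (Kotlin or Groovy DSL), asks a resolver whether each custom host resolves, and reports any unresolvable host together with the repositories listed after it, which are the ones a pre-9.3.0 Gradle would silently fall through to; it also parses gradle-wrapper.properties to see whether the pinned distribution is 9.3.0 or later. The build script, host names and wrapper version are constructed sample data, and the resolver used in main() is a stub so the example runs offline; pass dns_resolves for a live check.

```python
"""Audit a Gradle build for the conditions behind CVE-2026-22816.

Added example, not Gradle's own code.  It checks two things the page's
mitigation advice calls for: the repository order in a build script (a custom
repository whose host does not resolve, listed ahead of others, is the
fallback case) and whether the wrapper pins Gradle 9.3.0 or later.
"""
import re
import socket
from dataclasses import dataclass, field
from typing import Callable, Optional
from urllib.parse import urlparse

# Constructed sample input: a Kotlin/Groovy DSL repositories block whose first
# entry has a typo in its host name.  The hosts are assumptions, not from the page.
SAMPLE_BUILD_SCRIPT = """
repositories {
    maven { url = uri("https://mavn-mirror.example.internal/releases") }
    mavenCentral()
    maven {
        name = "internal"
        url "https://repo.example.com/maven2"
    }
}
"""
# Constructed gradle/wrapper/gradle-wrapper.properties content (pre-fix version).
SAMPLE_WRAPPER_PROPERTIES = (
    "distributionUrl=https\\://services.gradle.org/distributions/gradle-9.2.0-bin.zip\n"
)

FIXED_VERSION = (9, 3, 0)  # first release that stops falling through, per the advisory

# Matches built-in repository calls and maven { url ... } blocks, in source order.
_REPO_RE = re.compile(
    r"""(?P<builtin>mavenCentral|google|gradlePluginPortal|mavenLocal)\s*\(\s*\)"""
    r"""|maven\s*\{[^}]*?\burl\s*=?\s*(?:uri\()?["'](?P<url>[^"']+)["']""",
    re.S,
)
_WRAPPER_RE = re.compile(r"gradle-(\d+)\.(\d+)(?:\.(\d+))?-(?:bin|all)\.zip")


@dataclass
class Finding:
    position: int                # 1-based index in the repositories block
    host: str                    # host that failed to resolve
    fallback_to: list[str] = field(default_factory=list)  # repositories tried next


def parse_repositories(script: str) -> list[tuple[str, Optional[str]]]:
    """Return (name, url) pairs in declaration order; url is None for built-ins."""
    out: list[tuple[str, Optional[str]]] = []
    for m in _REPO_RE.finditer(script):
        if m.group("builtin"):
            out.append((m.group("builtin"), None))
        else:
            out.append(("maven", m.group("url")))
    return out


def dns_resolves(host: str) -> bool:
    """Live DNS check; the stub in main() replaces it so the sample runs offline."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def audit_repositories(script: str, resolves: Callable[[str], bool]) -> list[Finding]:
    """Flag custom repositories whose host does not resolve.

    With the pre-9.3.0 behaviour every repository listed after such an entry is
    a candidate to serve its artifacts instead, and whoever registers the dead
    name gets asked first.  An unresolvable host in last position is still a
    configuration error but offers no fallback (fallback_to is empty).
    """
    repos = parse_repositories(script)
    findings: list[Finding] = []
    for idx, (_name, url) in enumerate(repos):
        if url is None:
            continue
        host = urlparse(url).hostname or url
        if resolves(host):
            continue
        later = [n if u is None else (urlparse(u).hostname or u) for n, u in repos[idx + 1:]]
        findings.append(Finding(position=idx + 1, host=host, fallback_to=later))
    return findings


def wrapper_version(properties: str) -> Optional[tuple[int, int, int]]:
    """Parse the pinned Gradle version out of gradle-wrapper.properties text."""
    m = _WRAPPER_RE.search(properties)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def wrapper_is_fixed(properties: str) -> Optional[bool]:
    """True if the pinned Gradle is 9.3.0 or later, None if no version is found."""
    v = wrapper_version(properties)
    return None if v is None else v >= FIXED_VERSION


if __name__ == "__main__":
    def stub_resolver(host: str) -> bool:
        # Constructed stand-in for DNS: only the correctly spelled host exists.
        return host == "repo.example.com"

    for f in audit_repositories(SAMPLE_BUILD_SCRIPT, stub_resolver):
        print(f"repo #{f.position} {f.host}: unresolvable; falls through to {f.fallback_to}")
    print("wrapper pins a fixed Gradle:", wrapper_is_fixed(SAMPLE_WRAPPER_PROPERTIES))
```

A DNS check only finds the window before anyone registers the dead name; once an attacker has registered it, the host resolves and looks healthy to this script. Treat a finding as a reason to correct the URL or remove the entry, and rely on Gradle's dependency verification (checksums or signatures, the signed-components control above) as the durable protection, since it rejects an artifact from the wrong source whether or not the host resolves.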
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3593
Vulnerability details
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these exceptions, Gradle would continue to the next repository in the list and potentially resolve dependencies from a different repository. If a Gradle build used an unresolvable host name, Gradle would continue to work as long as all dependencies could be resolved from another repository. An unresolvable host name could be caused by allowing a repository's domain name registration to lapse or by mistyping the real domain name. This behavior could allow an attacker to register a service under the host name used by the build and serve malicious artifacts. The attack requires the repository to be listed before others in the build configuration. Gradle has introduced a change in behavior in Gradle 9.3.0 to stop searching other repositories when encountering these errors.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
T1195.001 (Compromise Software Dependencies and Development Tools): the vulnerability directly enables supply chain compromise by letting dependency resolution fall back to an attacker-controlled repository, which allows malicious artifact injection (CWE-494/829).
Mitigating Controls (NIST 800-53 r5)
- SA-12 (Supply Chain Protection): directly requires supply-chain protections that would block resolution of dependencies from attacker-controlled repositories after a domain registration lapse or typo.
- CM-14 (Signed Components): mandates the use of signed components, so Gradle would not accept malicious artifacts served by a fallback repository that lack valid signatures.
- Component authenticity verification: detects and rejects artifacts originating from an unauthorized repository that an attacker has registered.