CVE-2026-22816 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-22816 Interim 1 1 2026-03-05T00:18:15Z current 2026-03-05T00:18:15Z 2026-03-05T00:18:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-22816 Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these exceptions, Gradle would continue to the next repository in the list and potentially resolve dependencies from a different repository. If a Gradle build used an unresolvable host name, Gradle would continue to work as long as all dependencies could be resolved from another repository. An unresolvable host name could be caused by allowing a repository's domain name registration to lapse or typo-ing the real domain name. This behavior could allow an attacker to register a service under the host name used by the build and serve malicious artifacts. The attack requires the repository to be listed before others in the build configuration. Gradle has introduced a change in behavior in Gradle 9.3.0 to stop searching other repositories when encountering these errors. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Development Tools 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP7 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP6-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP7 SUSE Linux Enterprise Server Teradata 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Module for Development Tools 15 SP7 openSUSE Leap 15.6 gradle gradle as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS gradle as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS gradle as a component of SUSE Linux Enterprise Module for Development Tools 15 SP7 gradle as a component of SUSE Linux Enterprise Server 15 SP2-LTSS gradle as a component of SUSE Linux Enterprise Server 15 SP3-LTSS gradle as a component of SUSE Linux Enterprise Server 15 SP4-LTSS gradle as a component of SUSE Linux Enterprise Server 15 SP5-LTSS gradle as a component of SUSE Linux Enterprise Server 15 SP6-LTSS gradle as a component of SUSE Linux Enterprise Server Teradata 15 SP4 gradle as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 gradle as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 gradle as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 gradle as a component of openSUSE Leap 15.6 Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these exceptions, Gradle would continue to the next repository in the list and potentially resolve dependencies from a different repository. If a Gradle build used an unresolvable host name, Gradle would continue to work as long as all dependencies could be resolved from another repository. An unresolvable host name could be caused by allowing a repository's domain name registration to lapse or typo-ing the real domain name. This behavior could allow an attacker to register a service under the host name used by the build and serve malicious artifacts. The attack requires the repository to be listed before others in the build configuration. Gradle has introduced a change in behavior in Gradle 9.3.0 to stop searching other repositories when encountering these errors. CVE-2026-22816 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gradle SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:gradle SUSE Linux Enterprise Module for Development Tools 15 SP7:gradle SUSE Linux Enterprise Server 15 SP2-LTSS:gradle SUSE Linux Enterprise Server 15 SP3-LTSS:gradle SUSE Linux Enterprise Server 15 SP4-LTSS:gradle SUSE Linux Enterprise Server 15 SP5-LTSS:gradle SUSE Linux Enterprise Server 15 SP6-LTSS:gradle SUSE Linux Enterprise Server Teradata 15 SP4:gradle SUSE Linux Enterprise Server for SAP Applications 15 SP4:gradle SUSE Linux Enterprise Server for SAP Applications 15 SP5:gradle SUSE Linux Enterprise Server for SAP Applications 15 SP6:gradle openSUSE Leap 15.6:gradle important 8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N