Vulnerability Report

CVE-2026-34312

Title: Oracle Database Server RDBMS Data Read Access Vulnerability

Other

Proof Of Concept

No public PoC currently indexed for CVE-2026-34312.

CWE Category NVD-CWE-noinfo

Published Date Apr 21, 2026

Modified Date Apr 27, 2026

Exploit Status Not Found

Score 2.4 CVSS v3.1

Exploit Probability (EPSS)

0.03%

Vulnerability Summary

CVE-2026-34312: Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).

Impacted Vendors

oracle 1

ingres 1

Reference Links

https://www.oracle.com/security-alerts/cpuapr2026.html

CVSS v3.1

Source Entity [email protected]

Severity LOW

2.4

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

REQUIRED

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns