CVE-2026-34312 | THREATINT

Description

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).

PUBLISHED Reserved 2026-03-26 | Published 2026-04-21 | Updated 2026-04-22 | Assigner oracle

LOW: 2.4CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

Problem types

Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS accessible data.

Product status

19.3 (custom)

affected

References

www.oracle.com/security-alerts/cpuapr2026.html (Oracle Advisory) vendor-advisory

cve.org (CVE-2026-34312)

nvd.nist.gov (CVE-2026-34312)

Download JSON