CVE-2026-21997 - Vulnerability Analysis
HighCVSS: 8.5Last Updated: April 21, 2026
Oracle Life Sciences Empirica Signal - Broken Access Control
Published: April 21, 2026Updated: April 21, 2026Remote Exploitable
Overview
Oracle Life Sciences Empirica Signal 9.2.1-9.2.3 contains a broken access control vulnerability caused by improper authorization in Common Core, letting low privileged attackers with network access via HTTP create, delete, modify, or read critical data, exploit requires low privileged network access.
Severity & Score
Severity: High
CVSS Score: 8.5
Impact
Low privileged attackers can create, delete, modify, and read critical data, potentially compromising data integrity and confidentiality.
Mitigation
Update to the latest available version beyond 9.2.3.
Related Resources
Details
- CVE ID
- CVE-2026-21997
- Severity
- High
- CVSS Score
- 8.5
- Type
- broken_access_control
- Status
- new
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N