Home / Vulnerability Intelligence / CVE-2026-34286

CVE-2026-34286 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 21, 2026

Oracle Identity Manager Connector - Broken Access Control

Published: April 21, 2026Updated: April 21, 2026Remote Exploitable

Overview

Oracle Identity Manager Connector 12.2.1.4.0 contains an unauthorized access vulnerability caused by improper access control, letting unauthenticated network attackers via HTTPS create, delete, or modify critical data.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Unauthenticated attackers can create, delete, or modify critical data, leading to full data compromise.

Mitigation

Update to the latest available version.

References

https://www.oracle.com/security-alerts/cpuapr2026.html

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34286
Severity: Critical
CVSS Score: 9.1
Type: broken_access_control
Status: new

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N