CVE-2026-34291 - Vulnerability Analysis
High | CVSS: 8.7 | Last Updated: April 21, 2026
Oracle HTTP Server - Broken Access Control
Published: April 21, 2026 | Updated: April 21, 2026 | Remotely Exploitable
Overview
Oracle HTTP Server 12.2.1.4.0 and 14.1.2.0.0 contain a broken access control vulnerability caused by improper authorization checks, which lets unauthenticated network attackers create, delete, or modify critical data. Exploitation requires network access via HTTP.
Severity & Score
Severity: High
CVSS Score: 8.7
Impact
Unauthenticated attackers can create, delete, or modify critical data, leading to full data compromise on Oracle HTTP Server.
Mitigation
Update to the latest available version beyond 12.2.1.4.0 and 14.1.2.0.0.
Details
- CVE ID: CVE-2026-34291
- Severity: High
- CVSS Score: 8.7
- Type: broken_access_control
- Status: new
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N