Risk Scores
CVSS v3.1
7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.01%
1.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Corporation | Oracle Database Server | 23.4.0 |
| oracle | database_-_sqlcl | 23.4.0 |
| oracle | database_server | 23.4 |
Timeline
- Jan 20, 2026 CVE Published
- Jan 21, 2026 EPSS Score
- Jan 21, 2026 PoC Published
- Jan 21, 2026 PoC Published
- Jan 21, 2026 PoC Published
- Jan 23, 2026 EPSS Score
- Jan 25, 2026 EPSS Score
- Jan 28, 2026 EPSS Score
- Jan 30, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 3, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
References
- Oracle Advisory vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-21939 advisory