VDB
CVE-2026-34312
CVE-2026-34312
PUBLISHED
CVSS 2.4000000953674316 LOW
Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).
EPSS 0.03% · 8.6th percentile
Risk Scores
CVSS v3.1
2.4000000953674316
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
EPSS Score
0.03%
8.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Corporation | Oracle Database Server | 19.3 |
| oracle | database_-_rdbms | 19.3 |
Timeline
- Apr 21, 2026 CVE Published
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
References
- Oracle Advisory vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-34312 advisory