CVE-2026-35229 — Vulnetix

CVE-2026-35229 PUBLISHED CVSS 7.5 HIGH

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
oracle	database_-_java_vm	19.3, 21.3
Oracle Corporation	Oracle Database Server	19.3, 21.3

Timeline

Apr 21, 2026 CVE Published
Apr 21, 2026 PoC Published
Apr 22, 2026 Security Advisory
Apr 22, 2026 CVE Updated

References

Oracle Advisory vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-35229 advisory

Open in Interactive Console →