VDB
NCSC-2026-126
NCSC-2026-126
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A vulnerability in Oracle Applications Framework versions 12.2.9 through 12.2.15 allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 4.7.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | vers:unknown/* |
Timeline
- Apr 22, 2026 CVE Published
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 Security Advisory
References
- https://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0126.json advisory
- https://www.oracle.com/security-alerts/cpuapr2026.html advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34275.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22011.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34297.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34274.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41242.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34302.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34298.json advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22014.json advisory