5.3

CVE-2026-21999

EPSS 0.03%
Veröffentlicht 21.04.2026 20:34:59
Zuletzt bearbeitet 22.04.2026 21:24:26
Quelle secalert_us@oracle.com
CVE-Watchlists
Login
Unerledigt
Login

Vulnerability in the XML Database component of Oracle Database Server.  Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all XML Database accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerOracle Corporation

≫

Produkt Oracle Database Server

Version <= 23.26.1

Version 23.4.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert_us@oracle.com	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.oracle.com/security-alerts/cpuapr2026.html

https://nvd.nist.gov/vuln/detail/CVE-2026-21999

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-21999

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-21999

EUVD