CVE-2026-21969CRITICAL 9.8EPSS p33.3%

CVE-2026-21969CVE-2026-21969

Description

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Supplier Portal). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in takeover of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.42% probability of exploitation · percentile 33.3% · 2026-06-19T12:03:05Z
Published2026-01-20
Last modified2026-01-29

References

  1. https://www.oracle.com/security-alerts/cpujan2026.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-21564
CVE
CVE-2025-21556
CVE
CVE-2026-46819
CVE
CVE-2026-21962
CVE
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
CVE
CVE-2026-21992
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.