CVE-2026-34279 · CRITICAL 9.1 · EPSS p34.9%


Description

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.44% probability of exploitation · percentile 34.9% · 2026-06-18T12:00:27Z
Published: 2026-04-21
Last modified: 2026-04-24

Underlying weaknesses · 1

CWE-306

References

  1. https://www.oracle.com/security-alerts/cpuapr2026.html


| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-34291
  2. CVE: CVE-2026-34285
  3. CVE: CVE-2026-34287
  4. CVE: CVE-2026-34286
  5. CVE: CVE-2026-35277
  6. CVE: CVE-2026-34275

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.