This vulnerability in Oracle GoldenGate (component: Libraries) affects supported versions 23.4 through 23.10. It allows an unauthenticated attacker with network access over HTTP to compromise the product, resulting in unauthorized read access to a subset of data accessible by Oracle GoldenGate. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates that the attack requires no privileges or user interaction and has low attack complexity, impacting confidentiality only. The vulnerability is tracked as CWE-200 (Exposure of Sensitive Information). The Oracle April 2026 Critical Patch Update advisory references multiple patches but does not explicitly confirm a patch for this vulnerability, and remediation level is not specified.

Successful exploitation allows an unauthenticated remote attacker to read sensitive data accessible by Oracle GoldenGate without requiring authentication or user interaction. The impact is limited to confidentiality, with no integrity or availability effects reported. There are no known exploits in the wild at this time.

Oracle's April 2026 Critical Patch Update advisory includes multiple security patches across products, including Oracle GoldenGate. However, the advisory does not explicitly confirm patch availability or remediation for CVE-2026-34273. Customers are strongly advised to apply the latest Critical Patch Update promptly to address this and other vulnerabilities. Until a patch is confirmed, monitor Oracle's security advisories for updates. No vendor advisory states that no action is required or that the issue is already mitigated.