CVE-2026-34275 affects Oracle Advanced Inbound Telephony component of Oracle E-Business Suite versions 12.2.3 to 12.2.15. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the product, potentially leading to full takeover. The CVSS 3.1 score of 9.8 reflects critical severity with impacts on confidentiality, integrity, and availability. Oracle's April 2026 Critical Patch Update advisory includes security patches addressing this vulnerability among others. The advisory emphasizes the importance of applying these patches promptly to mitigate exploitation risks. Although no exploits are currently known in the wild, the vulnerability is considered easily exploitable due to low attack complexity and no required privileges or user interaction.

Successful exploitation of this vulnerability can lead to complete compromise of Oracle Advanced Inbound Telephony, impacting confidentiality, integrity, and availability of the system. This could allow attackers to take over the affected product entirely. No known exploits in the wild have been reported so far. The vulnerability is rated critical with a CVSS 3.1 base score of 9.8.

Oracle has released security patches for this vulnerability as part of the April 2026 Critical Patch Update. Customers should promptly apply the April 2026 Critical Patch Update to affected Oracle Advanced Inbound Telephony versions (12.2.3 through 12.2.15) to remediate this vulnerability. Oracle strongly recommends remaining on actively-supported versions and applying Critical Patch Updates without delay. Patch status is effectively confirmed by inclusion in the Critical Patch Update advisory. No additional mitigation steps are indicated by the vendor advisory.