This vulnerability affects the Oracle Workflow component of Oracle E-Business Suite versions 12.2.3 to 12.2.15. It is exploitable by a high privileged attacker with network access over HTTP, enabling unauthorized modification (update, insert, delete) of accessible data and partial denial of service conditions. The vulnerability scope extends beyond Oracle Workflow, potentially impacting other Oracle products. The CVSS vector indicates network attack vector, low attack complexity, high privileges required, no user interaction, scope changed, no confidentiality impact, low integrity impact, and low availability impact. Oracle's April 2026 Critical Patch Update advisory references multiple patches across product families but does not explicitly state a patch for this vulnerability. No known exploits in the wild have been reported.

Successful exploitation allows an attacker with high privileges and network access to modify Oracle Workflow data unauthorizedly and cause partial denial of service. The integrity and availability of Oracle Workflow data and services are impacted, but confidentiality is not affected. The vulnerability may also affect other Oracle products due to scope change. No known active exploitation has been reported.

Oracle has released a Critical Patch Update advisory in April 2026 containing numerous security patches across multiple products. However, the advisory does not explicitly confirm a patch for CVE-2026-34302. Customers should review the April 2026 Critical Patch Update and apply all relevant patches promptly. Since the product is not a cloud service, remediation depends on customer patching. Patch status is not yet confirmed specifically for this vulnerability—check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance.