CVE-2026-34312: Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS accessible data. in Oracle Corporation Oracle Database Server
CVE-2026-34312 is a low-severity vulnerability in Oracle Database Server versions 19. 3 to 19. 30. It allows a high privileged attacker with Row Access Method privilege and network access via multiple protocols to gain unauthorized read access to a subset of database data. Exploitation requires human interaction from a user other than the attacker. The vulnerability impacts confidentiality but does not affect integrity or availability. Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory but has not explicitly confirmed patch availability or remediation status for this specific issue. Customers are strongly advised to apply Oracle Critical Patch Updates promptly to mitigate such vulnerabilities.
AI Analysis
Technical Summary
This vulnerability affects the RDBMS component of Oracle Database Server versions 19.3 through 19.30. An attacker with high privileges and Row Access Method privilege, who can access the database over the network via multiple protocols, may exploit this vulnerability to read unauthorized data subsets. Successful exploitation requires user interaction from a third party. The CVSS 3.1 base score is 2.4, reflecting a low-severity confidentiality impact with no impact on integrity or availability. Oracle's April 2026 Critical Patch Update advisory references this and many other vulnerabilities but does not provide explicit patch details for this CVE. No known exploits in the wild have been reported.
Potential Impact
The vulnerability allows unauthorized read access to some data within the Oracle Database Server for attackers with specific high privileges and network access. The impact is limited to confidentiality with no reported effects on data integrity or system availability. Exploitation requires human interaction, which reduces the likelihood of automated or widespread attacks. There are no known active exploits targeting this vulnerability at this time.
Mitigation Recommendations
Oracle's April 2026 Critical Patch Update advisory includes this vulnerability among many others but does not explicitly confirm patch availability or remediation for CVE-2026-34312. Customers are strongly advised to remain on actively supported Oracle Database versions and apply the latest Critical Patch Updates promptly. Since no specific patch or workaround is detailed, organizations should monitor Oracle's security advisories for updates. Patch status is not yet confirmed—check the vendor advisory for current remediation guidance.
CVE-2026-34312: Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS accessible data. in Oracle Corporation Oracle Database Server
Description
CVE-2026-34312 is a low-severity vulnerability in Oracle Database Server versions 19. 3 to 19. 30. It allows a high privileged attacker with Row Access Method privilege and network access via multiple protocols to gain unauthorized read access to a subset of database data. Exploitation requires human interaction from a user other than the attacker. The vulnerability impacts confidentiality but does not affect integrity or availability. Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory but has not explicitly confirmed patch availability or remediation status for this specific issue. Customers are strongly advised to apply Oracle Critical Patch Updates promptly to mitigate such vulnerabilities.
CVSS v3.1
Score 2.4low
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the RDBMS component of Oracle Database Server versions 19.3 through 19.30. An attacker with high privileges and Row Access Method privilege, who can access the database over the network via multiple protocols, may exploit this vulnerability to read unauthorized data subsets. Successful exploitation requires user interaction from a third party. The CVSS 3.1 base score is 2.4, reflecting a low-severity confidentiality impact with no impact on integrity or availability. Oracle's April 2026 Critical Patch Update advisory references this and many other vulnerabilities but does not provide explicit patch details for this CVE. No known exploits in the wild have been reported.
Potential Impact
The vulnerability allows unauthorized read access to some data within the Oracle Database Server for attackers with specific high privileges and network access. The impact is limited to confidentiality with no reported effects on data integrity or system availability. Exploitation requires human interaction, which reduces the likelihood of automated or widespread attacks. There are no known active exploits targeting this vulnerability at this time.
Mitigation Recommendations
Oracle's April 2026 Critical Patch Update advisory includes this vulnerability among many others but does not explicitly confirm patch availability or remediation for CVE-2026-34312. Customers are strongly advised to remain on actively supported Oracle Database versions and apply the latest Critical Patch Updates promptly. Since no specific patch or workaround is detailed, organizations should monitor Oracle's security advisories for updates. Patch status is not yet confirmed—check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-03-26T19:48:45.680Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5ab19fe3cd2cdf9f9f5
Added to database: 4/21/2026, 9:01:31 PM
Last enriched: 4/29/2026, 11:36:22 AM
Last updated: 6/5/2026, 7:19:35 PM
Views: 90
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.