This vulnerability in Oracle Database Server's RDBMS component affects versions 19.3 through 19.30. It permits a high privileged attacker possessing the Row Access Method privilege and network access via multiple protocols to compromise the database by gaining unauthorized read access to a subset of accessible data. Exploitation requires user interaction from a person other than the attacker. The CVSS 3.1 base score is 2.4, reflecting a low severity with confidentiality impact only. The vulnerability is documented in Oracle's April 2026 Critical Patch Update advisory, which includes 481 security patches across various Oracle products. The advisory urges customers to apply the update promptly but does not explicitly state a dedicated patch for this CVE. No known active exploits have been reported.

Successful exploitation can lead to unauthorized read access to a subset of data accessible within the Oracle Database Server. The impact is limited to confidentiality with no reported integrity or availability effects. The vulnerability requires a high privilege level and user interaction, reducing the likelihood and scope of exploitation. No known exploits in the wild have been reported.

Oracle's April 2026 Critical Patch Update advisory includes this vulnerability among many others and strongly recommends applying the update without delay. Although the advisory does not explicitly confirm a dedicated patch for CVE-2026-34312, applying the April 2026 Critical Patch Update is the recommended remediation. Customers should ensure they are running actively supported versions and promptly apply Oracle's cumulative security patches. Patch status is not explicitly confirmed for this specific vulnerability; therefore, customers should consult the vendor advisory for the latest remediation guidance.