CVE-2026-34320 is a vulnerability in Oracle Financial Services Customer Screening 8.1.2.8.0 affecting the User Interface component. It allows unauthenticated remote attackers to access critical data over HTTP without requiring user interaction or privileges. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector, low attack complexity, no privileges or user interaction needed, unchanged scope, and high confidentiality impact. Oracle has acknowledged this vulnerability in its April 2026 Critical Patch Update advisory but has not explicitly detailed patch availability or remediation steps specific to this product version in the advisory text provided.

Successful exploitation can lead to unauthorized access to critical or all accessible data within Oracle Financial Services Customer Screening 8.1.2.8.0. This compromises confidentiality but does not impact integrity or availability. The vulnerability is exploitable remotely without authentication, increasing risk exposure. No known active exploits have been reported.

Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory and strongly recommends applying the latest Critical Patch Updates without delay. However, the advisory does not explicitly confirm patch availability or provide a direct patch link for Oracle Financial Services Customer Screening 8.1.2.8.0. Customers should consult the official Oracle Critical Patch Update April 2026 advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for the latest patch information and installation instructions. Until a patch is applied, restricting network access to the affected service and monitoring for unusual activity may reduce risk.