CVE-2026-35231 is a vulnerability in Oracle Financial Services Transaction Filtering 8.1.2.8.0, specifically in the User Interface component. It allows an unauthenticated attacker with network access over HTTP to compromise the system, resulting in unauthorized access to critical or all accessible data within the product. The vulnerability has a CVSS 3.1 score of 7.5, reflecting a high confidentiality impact with no required privileges or user interaction. Oracle has addressed this vulnerability in its April 2026 Critical Patch Update, which includes patches for multiple Oracle products. The vendor strongly recommends applying these patches without delay to prevent exploitation.

Successful exploitation of this vulnerability can lead to unauthorized access to critical or all accessible data in Oracle Financial Services Transaction Filtering 8.1.2.8.0. The confidentiality of sensitive information is severely impacted, but there is no direct impact on integrity or availability. No public exploits have been reported yet, but the vulnerability is considered easily exploitable due to lack of authentication and low attack complexity.

Oracle has released patches for this vulnerability as part of the April 2026 Critical Patch Update. Customers should promptly apply the relevant patches from this update to Oracle Financial Services Transaction Filtering 8.1.2.8.0 to remediate the vulnerability. Oracle strongly recommends remaining on actively supported versions and applying Critical Patch Updates without delay. Patch status is confirmed by the vendor advisory at https://www.oracle.com/security-alerts/cpuapr2026.html.