CVE-2026-35232: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware accessible data. in Oracle Corporation Oracle Fusion Middleware
Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
AI Analysis
Technical Summary
This vulnerability exists in the Dynamic Monitoring Service component of Oracle Fusion Middleware versions 12.2.1.4.0 and 14.1.2.0.0. It allows an attacker with low privileges and network access via HTTP to compromise the system by leveraging user interaction from a third party. Successful exploitation can lead to unauthorized update, insert, or delete operations, as well as unauthorized read access to some data accessible through Oracle Fusion Middleware. The vulnerability affects confidentiality and integrity but not availability, with a CVSS 3.1 score of 5.4. The scope of impact extends beyond Fusion Middleware to additional Oracle products. Oracle has addressed this vulnerability in its April 2026 Critical Patch Update.
Potential Impact
Exploitation of this vulnerability can result in unauthorized modification (update, insert, delete) and unauthorized reading of certain data accessible via Oracle Fusion Middleware. The attacker requires network access and low privileges, and successful exploitation depends on user interaction by a third party. The vulnerability impacts confidentiality and integrity but does not affect availability. There are no reports of active exploitation in the wild. The scope of impact may extend to other Oracle products beyond Fusion Middleware.
Mitigation Recommendations
Oracle has released patches for this vulnerability as part of the April 2026 Critical Patch Update for Fusion Middleware products. Customers are strongly advised to apply these patches without delay to mitigate the risk. Oracle emphasizes remaining on actively supported versions and promptly applying Critical Patch Updates. No alternative mitigations or workarounds are specified in the advisory. Patch status is confirmed by the vendor advisory.
CVE-2026-35232: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware accessible data. in Oracle Corporation Oracle Fusion Middleware
Description
Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in the Dynamic Monitoring Service component of Oracle Fusion Middleware versions 12.2.1.4.0 and 14.1.2.0.0. It allows an attacker with low privileges and network access via HTTP to compromise the system by leveraging user interaction from a third party. Successful exploitation can lead to unauthorized update, insert, or delete operations, as well as unauthorized read access to some data accessible through Oracle Fusion Middleware. The vulnerability affects confidentiality and integrity but not availability, with a CVSS 3.1 score of 5.4. The scope of impact extends beyond Fusion Middleware to additional Oracle products. Oracle has addressed this vulnerability in its April 2026 Critical Patch Update.
Potential Impact
Exploitation of this vulnerability can result in unauthorized modification (update, insert, delete) and unauthorized reading of certain data accessible via Oracle Fusion Middleware. The attacker requires network access and low privileges, and successful exploitation depends on user interaction by a third party. The vulnerability impacts confidentiality and integrity but does not affect availability. There are no reports of active exploitation in the wild. The scope of impact may extend to other Oracle products beyond Fusion Middleware.
Mitigation Recommendations
Oracle has released patches for this vulnerability as part of the April 2026 Critical Patch Update for Fusion Middleware products. Customers are strongly advised to apply these patches without delay to mitigate the risk. Oracle emphasizes remaining on actively supported versions and promptly applying Critical Patch Updates. No alternative mitigations or workarounds are specified in the advisory. Patch status is confirmed by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-04-01T20:03:40.833Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5ad19fe3cd2cdfa00d3
Added to database: 4/21/2026, 9:01:33 PM
Last enriched: 4/21/2026, 9:32:26 PM
Last updated: 4/22/2026, 7:19:05 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.