CVE-2026-34275

CRITICAL

Oracle Advanced Inbound Telephony 12.2.3-12.2.15 - RCE

Title source: llm

Description

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Inbound Telephony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

References (1)

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuapr2026.html

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 29.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-306

Status published

Products (2)

oracle/advanced_inbound_telephony 12.2.3 - 12.2.15

Oracle Corporation/Oracle Advanced Inbound Telephony 12.2.3 - 12.2.15

Published Apr 21, 2026

Tracked Since Apr 22, 2026