CVE-2026-34279

CRITICAL

Oracle Enterprise Manager Base Platform 13.5 - Privilege Escalation

Title source: llm

Description

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

References (1)

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuapr2026.html

Scores

CVSS v3 9.1

EPSS 0.0010

EPSS Percentile 27.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-306

Status published

Products (2)

Oracle Corporation/Oracle Enterprise Manager Base Platform 13.5

Oracle Corporation/Oracle Enterprise Manager Base Platform 24.1

Published Apr 21, 2026

Tracked Since Apr 22, 2026