Home / Vulnerability Intelligence / CVE-2026-34279

CVE-2026-34279 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 22, 2026

Oracle Enterprise Manager - Privilege Escalation

Published: April 21, 2026Updated: April 22, 2026Remote Exploitable

Overview

Oracle Enterprise Manager Base Platform 13.5 and 24.1 contains a privilege escalation vulnerability in Event Management, letting high privileged attackers with network HTTP access take over the platform, exploit requires high privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 7.5%(Probability of exploitation in next 30 days)

Impact

High privileged attackers can fully compromise Oracle Enterprise Manager Base Platform, impacting confidentiality, integrity, and availability.

Mitigation

Update to the latest available version beyond 13.5 and 24.1.

References

https://www.oracle.com/security-alerts/cpuapr2026.html

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 23, 2026

🔴 CVE-2026-34279 - Critical (9.1) Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged atta... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34279/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-34279
Severity: Critical
CVSS Score: 9.1
Type: broken_access_control
Status: unconfirmed
EPSS: 7.5%
Social Posts: 1

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

7.5%Probability of exploitation in the next 30 days