Home / Vulnerability Intelligence / CVE-2026-34285

CVE-2026-34285 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 23, 2026

Oracle Identity Manager Connector - Broken Access Control

Published: April 21, 2026Updated: April 23, 2026Remote Exploitable

Overview

Oracle Identity Manager Connector 12.2.1.4.0 contains an unauthorized access vulnerability caused by improper access control, letting unauthenticated network attackers via HTTPS create, delete, or modify critical data.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 4.7%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can create, delete, or modify critical data, leading to full data compromise.

Mitigation

Update to the latest available version.

References

https://www.oracle.com/security-alerts/cpuapr2026.html

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 22, 2026

🔴 CVE-2026-34285 - Critical (9.1) Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34285/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-34285
Severity: Critical
CVSS Score: 9.1
Type: broken_access_control
Status: confirmed
EPSS: 4.7%
Social Posts: 1

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

4.7%Probability of exploitation in the next 30 days