CVE-2026-34279

Name

Code execution in the Event Management component of the Oracle Enterprise Manager Base Platform

CVSS score

9.1 (Critical)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Product name

Oracle Enterprise Manager Base Platform

Confirmed exploitable versions

13.5, 24.1

Researcher

Jan Czerlunczakiewicz

Description

Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform.

Timeline

12-11-2025 - Vulnerability reported to vendor
21-04-2026 - Security advisory is published by the vendor

References

https://www.oracle.com/security-alerts/cpuapr2026.html
https://www.cve.org/CVERecord?id=CVE-2026-34279