Vulnerabilities ›

CVE-2026-34273

Medium

                    Published: Apr 21, 2026                      ·  Modified: Apr 22, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

🤖 AI Executive Summary

CVE-2026-34273 is a medium-severity vulnerability in Oracle GoldenGate versions 23.4-23.10 that allows unauthenticated attackers to gain unauthorized read access to sensitive data via HTTP. The vulnerability requires only network access and is easily exploitable with no user interaction needed.

📄 Description (Arabic)

يؤثر هذا الضعف على مكتبات Oracle GoldenGate في الإصدارات 23.4 إلى 23.10 ويسمح لمهاجمين غير مصرح لهم بالوصول إلى البيانات الحساسة عبر بروتوكول HTTP. يتطلب الاستغلال فقط الوصول إلى الشبكة ولا يتطلب مصادقة أو تفاعل المستخدم.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 29, 2026 09:46

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government telecom energy

🎯 MITRE ATT&CK Techniques

T1190 T1566 T1040

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Oracle GoldenGate to patched versions beyond 23.10 immediately. Implement network segmentation to restrict HTTP access to GoldenGate instances. Deploy Web Application Firewalls (WAF) to monitor and block suspicious HTTP requests. Enable authentication mechanisms and disable unauthenticated access. Monitor access logs for unauthorized data read attempts.

🔧 خطوات المعالجة (العربية)

قم بترقية Oracle GoldenGate إلى الإصدارات المصححة بعد 23.10 فوراً. طبق تقسيم الشبكة لتقييد الوصول عبر HTTP إلى مثيلات GoldenGate. نشر جدران الحماية لتطبيقات الويب لمراقبة وحجب طلبات HTTP المريبة. فعّل آليات المصادقة وعطّل الوصول غير المصرح به. راقب سجلات الوصول لمحاولات القراءة غير المصرح بها.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3

🔵 SAMA CSF

AC-2 AC-3 SI-4

🟡 ISO 27001:2022

A.9.2.1 A.9.4.3 A.13.1.1

🔗 References & Sources 1

🔗

https://www.oracle.com/security-alerts/cpuapr2026.html

secalert_us@oracle.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-21

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-34273

Introduce Yourself

Sign In Required