{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34273", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2026-03-26T19:48:45.674Z", "datePublished": "2026-04-21T20:35:16.617Z", "dateUpdated": "2026-04-22T13:51:52.033Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-04-21T20:35:16.617Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle GoldenGate", "versions": [{"version": "23.4", "status": "affected", "lessThanOrEqual": "23.10", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", "versionStartIncluding": "23.4", "versionEndIncluding": "23.10"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T13:51:48.416206Z", "id": "CVE-2026-34273", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T13:51:52.033Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34273", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T13:51:48.416206Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T13:51:44.575Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle GoldenGate", "versions": [{"status": "affected", "version": "23.4", "versionType": "custom", "lessThanOrEqual": "23.10"}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data."}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "23.10", "versionStartIncluding": "23.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-04-21T20:35:16.617Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34273", "state": "PUBLISHED", "dateUpdated": "2026-04-22T13:51:52.033Z", "dateReserved": "2026-03-26T19:48:45.674Z", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2026-04-21T20:35:16.617Z", "assignerShortName": "oracle"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", "matchCriteriaId": "24884419-4172-4940-9F57-78D31520E0D6", "versionEndIncluding": "23.10", "versionStartIncluding": "23.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."}], "id": "CVE-2026-34273", "lastModified": "2026-04-27T18:08:37.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert_us@oracle.com", "type": "Secondary"}]}, "published": "2026-04-21T21:16:31.237", "references": [{"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[23.4,23.10]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Oracle GoldenGate", "source": "cna", "vendor": "Oracle Corporation"}, "product": "goldengate", "vendor": "oracle"}], "analysis": {"en": {"generated_at": "2026-04-22T05:08:38.988478+00:00", "value": {"mitigation_remediation": ["Apply the latest Oracle GoldenGate patch or upgrade to a version that fixes the unauthenticated HTTP expose flaw.", "Restrict HTTP access to the GoldenGate instance by implementing only trusted IP addresses or employing a firewall to block public network access.", "Ensure the GoldenGate service is not exposed to the internet and verify that internal network access is tightly controlled."], "summary": {"action": "Patch", "impact": "unauthorized data read"}, "threat_synthesis": {"affected_systems": "Oracle GoldenGate versions 23.4 through 23.10 are affected, specifically the Libraries component accessed via the HTTP interface.", "description_and_impact": "The vulnerability allows an unauthenticated attacker to read a subset of data exposed by Oracle GoldenGate over HTTP without authentication, leading to confidentiality compromise (CWE-200).", "risk_and_exploitability": "The CVSS 3.1 Base Score of 5.3 indicates moderate severity with only confidentiality impact. Exploitability is straightforward over the network, and the vulnerability is not listed in CISA KEV and currently lacks an EPSS score, but its ease of exploitation via network-accessible HTTP makes it a legitimate threat."}}}}, "created": "2026-04-22T02:45:05.857077+00:00", "title": "Unauthenticated HTTP Data Read Vulnerability in Oracle GoldenGate 23.4-23.10", "updated": "2026-04-22T05:15:06.069379+00:00", "vendors": ["oracle", "oracle$PRODUCT$goldengate"], "weaknesses": ["CWE-200"]}