Vulnerability in Oracle Utilities Application Framework Affecting Oracle Utilities Applications
CVE-2026-21924

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Utilities Application Framework
Vendor: CVE Published:; 20 January 2026

What is CVE-2026-21924?

A vulnerability exists in Oracle Utilities Application Framework that can be exploited by a low-privileged attacker with network access via HTTP. This flaw allows unauthorized updates, insertions, or deletions to accessible data within the framework. Moreover, it requires human interaction from a third party, potentially amplifying the risk. The impact of successful attacks may extend beyond the framework, affecting other connected products. Organizations using the affected versions should assess their security posture to mitigate possible unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Oracle Utilities Application Framework 4.4.0.3.0

Oracle Utilities Application Framework 4.5.0.0.0

Oracle Utilities Application Framework 4.5.0.1.1

References

https://www.oracle.com/security-alerts/cpujan2026.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2026
Vulnerability Reserved
Jan 5, 2026

JSON

Oracle