Unauthenticated Data Access Vulnerability in Oracle Financial Services Applications
CVE-2026-22010

7.5HIGH

Key Information:

Vendor

Oracle
Status
Oracle Financial Services Analytical Applications Infrastructure
Vendor
CVE Published:
21 April 2026

What is CVE-2026-22010?

A vulnerability exists in the Oracle Financial Services Analytical Applications Infrastructure, allowing an unauthenticated attacker with network access to exploit the system via HTTP. This weakness can lead to unauthorized access to sensitive data within the application, potentially resulting in complete access to all data available to the Oracle Financial Services Analytical Applications Infrastructure. Organizations using affected versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 should take immediate steps to mitigate risks associated with this vulnerability.

Affected Version(s)

Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9

Oracle Financial Services Analytical Applications Infrastructure 8.0.8.7

Oracle Financial Services Analytical Applications Infrastructure 8.1.2.5

References

https://www.oracle.com/security-alerts/cpuapr2026.html
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.