User Interface Vulnerability in Oracle E-Business Suite Configurator
CVE-2026-34274

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Configurator
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34274?

A vulnerability within the Oracle Configurator component of Oracle E-Business Suite allows an unauthenticated attacker with network access via HTTP to exploit the system. The attack requires human interaction from a third party, which can lead to unauthorized data manipulation, including updates, inserts, and deletions. Moreover, sensitive data could be accessed without proper authorization, affecting other associated products. The potential scope of impacts highlights the importance of addressing this issue promptly.

Affected Version(s)

Oracle Configurator 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34274 Data

JSON