Vulnerability in Oracle Enterprise Manager Affecting Event Management Component
CVE-2026-34279

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Enterprise Manager Base Platform
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34279?

This vulnerability allows an attacker with high privileges and network access via HTTP to exploit the Oracle Enterprise Manager Base Platform. While it primarily affects the Event Management component, the ramifications of such an exploit may extend to other interconnected products. Successful exploitation can lead to a complete takeover of the Oracle Enterprise Manager Base Platform, compromising confidentiality, integrity, and availability.

Affected Version(s)

Oracle Enterprise Manager Base Platform 13.5

Oracle Enterprise Manager Base Platform 24.1

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34279 Data

JSON