Oracle Identity Manager Connector Vulnerability in Oracle Fusion Middleware
CVE-2026-34286

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Identity Manager Connector
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34286?

The Oracle Identity Manager Connector within Oracle Fusion Middleware has a vulnerability that allows an unauthenticated attacker with network access via HTTPS to compromise the system. This easily exploitable vulnerability can lead to unauthorized creation, deletion, or modification of critical data. Attackers may gain full access to all data managed by the Oracle Identity Manager Connector, causing serious ramifications for data integrity and confidentiality. Organizations utilizing this software must take immediate action to assess their exposure and implement appropriate security measures.

Affected Version(s)

Oracle Identity Manager Connector 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34286 Data

JSON