Oracle Fusion Middleware Identity Manager Connector Vulnerability Affecting Network Access
CVE-2026-34288

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Identity Manager Connector
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34288?

A security vulnerability has been identified in Oracle Identity Manager Connector as part of Oracle Fusion Middleware. This issue permits an unauthenticated attacker with network access via HTTP to exploit the vulnerability and potentially gain access to sensitive data managed by the connector. If successfully exploited, an attacker could compromise the integrity and confidentiality of the data accessible through Oracle Identity Manager Connector, placing critical information at risk. It is essential for organizations using this component to apply the necessary updates and security patches to fortify their defenses.

Affected Version(s)

Oracle Identity Manager Connector 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34288 Data

JSON