Unauthenticated Remote Access Vulnerability in Oracle HCM Common Architecture
CVE-2026-34297

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Hcm Common Architecture
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34297?

A vulnerability in the Oracle HCM Common Architecture component of the Oracle E-Business Suite allows an unauthenticated attacker with network access via HTTP to gain unauthorized access to sensitive data. This exploitation can lead to unauthorized visibility to critical information within the Oracle HCM system, posing risks to data confidentiality. The versions affected range from 12.2.3 to 12.2.15, and administrators should apply the necessary patches outlined in the Oracle advisory to mitigate this risk.

Affected Version(s)

Oracle HCM Common Architecture 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34297 Data

JSON