Vulnerability in Oracle Hospitality OPERA 5 Property Services Product by Oracle
CVE-2026-34311

9.8CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Hospitality Opera 5 Property Services
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-34311?

An exploitable vulnerability in the Oracle Hospitality OPERA 5 Property Services allows an unauthenticated attacker with network access via HTTP to compromise the system. Affected versions include 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, and 5.6.28. Successful exploitation may lead to complete takeover of the OPERA 5 Property Services, impacting confidentiality, integrity, and availability of the affected systems. It is crucial for users to implement the necessary security measures as outlined in the Oracle Advisory.

Affected Version(s)

Oracle Hospitality OPERA 5 Property Services 5.6.19.24

Oracle Hospitality OPERA 5 Property Services 5.6.22

Oracle Hospitality OPERA 5 Property Services 5.6.25.19

References

https://www.oracle.com/security-alerts/cspumay2026.html

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34311 Data

JSON