Row Access Method Exploit in Oracle Database Server
CVE-2026-34312

2.4LOW

Key Information:

Vendor: Oracle
Status: Oracle Database Server
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34312?

A vulnerability in the RDBMS component of Oracle Database Server allows attackers with Row Access Method privileges to exploit the system. This flaw is notably exploitable with network access via various protocols. Although successful exploitation of this vulnerability necessitates human interaction from a non-attacker, it can lead to unauthorized read access to sensitive data within the RDBMS. Versions 19.3 to 19.30 are confirmed as vulnerable, making this a significant concern for database administrators relying on these versions.

Affected Version(s)

Oracle Database Server 19.3 <= 19.30

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34312 Data

JSON