Authentication Weakness in Oracle Life Sciences InForm by Oracle
CVE-2026-34323

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Life Sciences Inform
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34323?

The vulnerability identified in Oracle Life Sciences InForm allows an unauthenticated attacker with network access to compromise the application. Affected versions, 7.0.1.0 and 7.0.1.1, may lead to unauthorized updates, inserts, or deletions of accessible data. Additionally, attackers can gain unauthorized read access to certain data and can trigger a partial denial of service (DoS) condition. Exploitation of this flaw necessitates human interaction from a third-party user, which increases the attack surface significantly while impacting data confidentiality, integrity, and availability.

Affected Version(s)

Oracle Life Sciences InForm 7.0.1.0

Oracle Life Sciences InForm 7.0.1.1

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34323 Data

JSON