Unauthorized Access Vulnerability in Oracle Life Sciences InForm
CVE-2026-34324

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Life Sciences Inform
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34324?

A vulnerability exists in the Oracle Life Sciences InForm product that allows unauthenticated attackers with network access via HTTP to compromise the system. This can lead to unauthorized actions, including updates, inserts, or deletions of accessible data, as well as unauthorized reading of certain data. The affected versions include 7.0.1.0 and 7.0.1.1, highlighting the need for urgent review and implementation of security measures.

Affected Version(s)

Oracle Life Sciences InForm 7.0.1.0

Oracle Life Sciences InForm 7.0.1.1

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34324 Data

JSON