Vulnerability in Oracle Application Development Framework ADF by Oracle
CVE-2026-35243

7.8HIGH

Key Information:

Vendor: Oracle
Status: Oracle Application Development Framework (adf)
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-35243?

An exploitable vulnerability exists within the Oracle Application Development Framework (ADF) integrated into Oracle Fusion Middleware, specifically within the ADF Faces component. This weakness permits low-privileged attackers who have previously logged onto the infrastructure where ADF runs to compromise the framework. Successful exploitation could enable an attacker to take control of ADF, potentially leading to unauthorized access and manipulation of sensitive data within the Oracle environment.

Affected Version(s)

Oracle Application Development Framework (ADF) 12.2.1.4.0

Oracle Application Development Framework (ADF) 14.1.2.0.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 1, 2026

CVE-2026-35243 Data

JSON