CVE-2026-34302
Description
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Workflow. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.oracle.com/security-alerts/cpuapr2026.htmlnvdVendor Advisory
News mentions
7- What researchers learned about building an LLM security workflowHelp Net Security · May 4, 2026
- Great responsibility, without great powerCisco Talos Intelligence · Apr 30, 2026
- Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code ExecutionThe Hacker News · Apr 30, 2026
- Phishing and MFA exploitation: Targeting the keys to the kingdomCisco Talos Intelligence · Apr 21, 2026
- The Q1 vulnerability pulseCisco Talos Intelligence · Apr 16, 2026
- The n8n n8mare: How threat actors are misusing AI workflow automationCisco Talos Intelligence · Apr 15, 2026
- How AI Assistants are Moving the Security GoalpostsKrebs on Security · Mar 8, 2026