CVE-2026-35229

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuapr2026.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:java_virtual_machine::::::::
	cpe:2.3:a:oracle:java_virtual_machine::::::::

History

05 May 2026, 16:33

Type	Values Removed	Values Added
First Time		Oracle Oracle java Virtual Machine
References	~~() https://www.oracle.com/security-alerts/cpuapr2026.html -~~	() https://www.oracle.com/security-alerts/cpuapr2026.html - Vendor Advisory
CPE		cpe:2.3:a:oracle:java_virtual_machine::::::::

22 Apr 2026, 16:16

Type	Values Removed	Values Added
CWE		CWE-284

21 Apr 2026, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-21 21:16

Updated : 2026-05-05 16:33

NVD link : CVE-2026-35229

Mitre link : CVE-2026-35229

CVE.ORG link : CVE-2026-35229

JSON object : View

Products Affected

oracle

java_virtual_machine

CWE

CWE-284

Improper Access Control

7.5 /10