Oracle-related security advisories were issued for multiple enterprise products, including Oracle Database Server, Oracle Fusion Middleware, Oracle REST Data Services, Oracle Java SE, Oracle Financial Services Applications, and Oracle E-Business Suite. Germany's dCERT published separate advisories for each affected product line, indicating broad exposure across core Oracle infrastructure and business application environments.
One of the disclosed flaws, CVE-2026-34275, affects the Setup and Administration component of Oracle Advanced Inbound Telephony in Oracle E-Business Suite versions 12.2.3 through 12.2.15. Oracle rated the issue critical with a CVSS v3.1 score of 9.8, stating that an unauthenticated attacker with network access over HTTP could exploit it to achieve full takeover of the affected application. The vulnerability was disclosed as part of Oracle's broader Critical Patch Update, underscoring the need for organizations running Oracle platforms to prioritize patch review and remediation across exposed systems.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
dCERT published a set of advisories covering multiple vulnerabilities in Oracle products including Database Server, REST Data Services, E-Business Suite, Financial Services Applications, Fusion Middleware, and Java SE. These advisories indicate coordinated public disclosure of Oracle security issues affecting several enterprise product families.
Oracle disclosed CVE-2026-34275 affecting the Setup and Administration component of Oracle Advanced Inbound Telephony in Oracle E-Business Suite versions 12.2.3 through 12.2.15. The vulnerability was described as remotely exploitable without authentication over HTTP and could allow full takeover of the affected product.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
13 references tracked. Mallory keeps watching after this page renders.
dcert.de
Open sourcedcert.de
Open sourcedcert.de
Open sourcedcert.de
Open sourcedcert.de
Open sourcedcert.de
Open sourcedcert.de
Open sourcecvefeed.io
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.