Oracle GoldenGate Libraries 23.4-23.10 HTTP Data Leak (CVE-2026-34273)
CVE-2026-34273 Published on April 21, 2026
Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability Analysis
CVE-2026-34273 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-34273 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2026-34273
stack.watch emails you whenever new vulnerabilities are published in Oracle or Oracle Goldengate. Just hit a watch button to start following.
Affected Versions
Oracle Corporation Oracle GoldenGate:- Version 23.4, <= 23.10 is affected.