Oracle OPERA 5 UnAuth HTTP Takeover v5.6.19.24-5.6.28 CVE-2026-34311
CVE-2026-34311 Published on May 28, 2026
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Vulnerability Analysis
CVE-2026-34311 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Products Associated with CVE-2026-34311
Want to know whenever a new CVE is published for Oracle Hospitality Opera 5 Property Services? stack.watch will email you.
Affected Versions
Oracle Corporation Oracle Hospitality OPERA 5 Property Services:- Version 5.6.19.24 is affected.
- Version 5.6.22 is affected.
- Version 5.6.25.19 is affected.
- Version 5.6.27.6 is affected.
- Version 5.6.28 is affected.