Description
Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Published: 2026-04-21
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: unauthorized data read
Action: Patch
AI Analysis

Impact

The vulnerability allows an unauthenticated attacker with network access to read a subset of the data that Oracle GoldenGate exposes over HTTP, compromising confidentiality (CWE-200).

Affected Systems

Oracle GoldenGate versions 23.4 through 23.10 are affected, specifically the Libraries component accessed via the HTTP interface.

Risk and Exploitability

The CVSS 3.1 Base Score of 5.3 indicates medium severity, with impact limited to confidentiality. Exploitation is straightforward over the network. The vulnerability is not listed in CISA KEV and currently has no EPSS score, but its ease of exploitation over network-accessible HTTP makes it a legitimate threat.

Generated by OpenCVE AI on April 22, 2026 at 05:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle GoldenGate patch or upgrade to a version that fixes the unauthenticated HTTP exposure flaw.
  • Restrict HTTP access to the GoldenGate instance by allowing only trusted IP addresses or by using a firewall to block public network access.
  • Ensure the GoldenGate service is not exposed to the internet and verify that internal network access is tightly controlled.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 03:00:00 +0000

Values added (no values removed):
Title: Unauthenticated HTTP Data Read Vulnerability in Oracle GoldenGate 23.4-23.10
Weaknesses: CWE-200

Wed, 22 Apr 2026 00:00:00 +0000

Values added (no values removed):
Description: Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
First Time appeared: Oracle; Oracle goldengate
CPEs: cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
Vendors & Products: Oracle; Oracle goldengate
References:
Metrics: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:16.617Z

Reserved: 2026-03-26T19:48:45.674Z

Link: CVE-2026-34273

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:31.237

Modified: 2026-04-21T21:16:31.237

Link: CVE-2026-34273

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:15:06Z

Weaknesses