Cyber Resilience

CVE-2026-34311

Critical · Updated

Published: 28 May 2026
Modified: 17 June 2026
KEV Added:
Patch:
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (36.7th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-34311 is a critical-severity vulnerability, with an unspecified weakness, in Oracle Hospitality OPERA 5 Property Services. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By exploit likelihood it ranks at the 36.7th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote HTTP exploit leading to full application takeover on a public-facing service directly matches T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-46821 · Same vendor: Oracle
CVE-2026-46818 · Same vendor: Oracle
CVE-2026-34297 · Same vendor: Oracle
CVE-2025-50060 · Same vendor: Oracle
CVE-2026-46775 · Same vendor: Oracle
CVE-2026-34285 · Same vendor: Oracle
CVE-2026-46822 · Same vendor: Oracle
CVE-2025-61757 · Same vendor: Oracle
CVE-2025-30744 · Same vendor: Oracle
CVE-2026-34310 · Same vendor: Oracle

Affected Assets

Vendor: oracle
Product: hospitality opera 5 property services
Versions: 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, 5.6.28

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
