Cyber Resilience

CVE-2026-34320

Severity: High
Published: 21 April 2026
Modified: 27 April 2026
KEV Added: not listed
Patch: Oracle Critical Patch Update advisory, April 2026
CVSS Score (v3.1): 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.0005 (17.2nd percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-34320 is a high-severity Improper Authorization (CWE-285) vulnerability in Oracle Financial Services Customer Screening. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By exploit likelihood the CVE ranks at the 17.2nd percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-34320 is a vulnerability in the User Interface component of Oracle Financial Services Customer Screening, which is part of the Oracle Financial Services Applications suite. The supported version affected is 8.1.2.8.0. Classified under CWE-285 (Improper Authorization), it carries a CVSS 3.1 Base Score of 7.5 with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, highlighting high confidentiality impact.

An unauthenticated attacker with network access via HTTP can exploit this vulnerability with little difficulty to compromise Oracle Financial Services Customer Screening. Successful exploitation grants unauthorized access to critical data, or complete access to all data accessible within the product.

For mitigation details, refer to the Oracle Critical Patch Update advisory at https://www.oracle.com/security-alerts/cpuapr2026.html, published on 2026-04-21.

Vulnerability details

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

An improper authorization vulnerability in a public-facing web UI component allows unauthenticated remote HTTP access to sensitive data, which maps directly to exploitation of a public-facing application for initial access and data compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-50105 (same vendor: Oracle)
CVE-2025-21565 (same vendor: Oracle)
CVE-2026-46821 (same vendor: Oracle)
CVE-2025-53037 (same vendor: Oracle)
CVE-2025-50060 (same vendor: Oracle)
CVE-2026-46823 (same vendor: Oracle)
CVE-2026-46839 (same vendor: Oracle)
CVE-2026-34275 (same vendor: Oracle)
CVE-2026-46819 (same vendor: Oracle)
CVE-2026-34310 (same vendor: Oracle)

Affected Assets

Vendor: oracle
Product: financial services customer screening
Version: 8.1.2.8.0

Mitigating Controls (NIST 800-53 r5)

Prevent: AC-3 (Access Enforcement). Enforces approved authorizations for access to system resources, directly mitigating the improper authorization (CWE-285) that allows unauthenticated attackers to access critical data.

Prevent: SI-2 (Flaw Remediation). Requires timely identification, reporting, and correction of system flaws like this CVE via vendor patching, as detailed in the Oracle Critical Patch Update advisory.

Prevent: SC-7 (Boundary Protection). Monitors and controls communications at external interfaces to restrict unauthenticated network access via HTTP to the vulnerable User Interface component.