CVE-2026-34320
Published: 21 April 2026
Summary
CVE-2026-34320 is a high-severity Improper Authorization (CWE-285) vulnerability in Oracle Financial Services Customer Screening. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 15.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for access to system resources, directly mitigating the improper authorization (CWE-285) that allows unauthenticated attackers to access critical data.
- SI-2 (Flaw Remediation): Requires timely identification, reporting, and correction of system flaws like this CVE via vendor patching, as detailed in the Oracle Critical Patch Update advisory.
- SC-7 (Boundary Protection): Monitors and controls communications at external interfaces to restrict unauthenticated network access via HTTP to the vulnerable User Interface component.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An improper authorization vulnerability in the public-facing web UI component allows unauthenticated remote HTTP access to sensitive data, which maps directly to Exploit Public-Facing Application (T1190) as the initial-access step leading to data compromise.
NVD Description
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Deeper analysis
CVE-2026-34320 is a vulnerability in the User Interface component of Oracle Financial Services Customer Screening, which is part of the Oracle Financial Services Applications suite. The supported version affected is 8.1.2.8.0. Classified under CWE-285 (Improper Authorization), it carries a CVSS 3.1 Base Score of 7.5 with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, highlighting high confidentiality impact.
An unauthenticated attacker with network access via HTTP can exploit this vulnerability with low complexity (no privileges or user interaction required) to compromise Oracle Financial Services Customer Screening. Successful exploitation grants unauthorized access to critical data or complete access to all data accessible within the product; integrity and availability are not affected.
For mitigation details, refer to the Oracle Critical Patch Update advisory at https://www.oracle.com/security-alerts/cpuapr2026.html, published on 2026-04-21.
Details
- CWE(s)