Improper input validation in Oracle Agile Product Lifecycle Management for Process - CVE-2026-34296
Published: April 22, 2026
Vulnerability identifier: #VU126809
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-34296
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Oracle Agile Product Lifecycle Management for Process
Oracle Agile Product Lifecycle Management for Process
Software vendor:
Oracle
Oracle
Description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Product Quality Management component in Oracle Agile Product Lifecycle Management for Process. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.
Remediation
Install updates from vendor's website.