Main Vulnerability Database Vulnerabilities #VU126809

Improper input validation in Oracle Agile Product Lifecycle Management for Process - CVE-2026-34296

Published: April 22, 2026

Vulnerability identifier: #VU126809

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-34296

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Agile Product Lifecycle Management for Process

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Product Quality Management component in Oracle Agile Product Lifecycle Management for Process. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

How to mitigate CVE-2026-34296

Install updates from vendor's website.

Sources

https://www.oracle.com/security-alerts/cpuapr2026.html

Improper input validation in Oracle Agile Product Lifecycle Management for Process - CVE-2026-34296

Detailed vulnerability description

How to mitigate CVE-2026-34296

Sources

Please verify you're human