English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-21939

High
Low Medium High Critical
7.0
CVSS Score
Published: Jan 20, 2026
Last Modified: Jan 29, 2026
CWE: NVD-CWE-noinfo

Vulnerability Description

Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where SQLcl executes to compromise SQLcl. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of SQLcl. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
H
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
H
Integrity
H
Availability
H

Known Affected Software

4 configuration(s) from 1 vendor(s)

database_server
Version:
23.5
CPE:
cpe:2.3:a:oracle:database_server:23.5:*:*:*:*:*:*:*
database_server
Version:
23.4
CPE:
cpe:2.3:a:oracle:database_server:23.4:*:*:*:*:*:*:*
database_server
Version:
23.8
CPE:
cpe:2.3:a:oracle:database_server:23.8:*:*:*:*:*:*:*
database_server
Version:
23.9
CPE:
cpe:2.3:a:oracle:database_server:23.9:*:*:*:*:*:*:*
This vulnerability affects 4 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

2 patches available from vendors

View All Patches
Oracle

CPUAPR2026

Oracle Critical Patch Update Advisory - April 2026

Severity
Critical
Released
Apr 21, 2026
Restart Required
Security Update
View Details Vendor Page
Oracle

CPUJAN2026

Oracle Critical Patch Update Advisory - January 2026

Severity
Critical
Released
Jan 20, 2026
Restart Required
Security Update
View Details Vendor Page
Browse All Security Patches

References & Resources

Severity Details

7.0
out of 10.0
High

Weakness Type (CWE)

NVD-CWE-noinfo
View CWE Details on MITRE

Key Information

Published Date
January 20, 2026

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record