Oracle SQLcl Component Vulnerability in Database Server Allowing SQLcl Takeover

Vulnerability

A vulnerability has been identified in the SQLcl component of Oracle Database Server, affecting supported versions 23.4.0 through 23.26.0. This vulnerability, which is difficult to exploit, allows an unauthenticated attacker with access to the environment where SQLcl runs to compromise SQLcl. Exploitation of this vulnerability requires human interaction from a third party. Successful attacks can lead to a complete takeover of SQLcl.

Impact

Exploitation of this vulnerability can result in a full takeover of the SQLcl component.

Added: Jan 20, 2026, 11:15 PM
Updated: Jan 20, 2026, 11:15 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 8.1
exploitability: 3.0
remediation: 0.0
relevance: 2.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.