Oracle Database Server XML Database Component Vulnerability Allowing Unauthorized Data Access

Vulnerability

A vulnerability has been identified in the XML Database component of Oracle Database Server, specifically in versions 23.4.0 through 23.26.1. This vulnerability, which is difficult to exploit, allows an unauthenticated attacker with network access via HTTPS to compromise XML Database. Exploitation of this issue requires human interaction from a third party. Successful attacks could lead to unauthorized access to critical data or complete access to all data accessible through XML Database.

Impact

Exploitation of this vulnerability could result in unauthorized access to critical data or complete access to all data in XML Database that is accessible to the user.

Added: Apr 21, 2026, 11:41 PM

Updated: Apr 21, 2026, 11:41 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

5.8

remediation

0.0

relevance

6.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

5.8

remediation

0.0

relevance

6.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle Database Server XML Database Component Vulnerability Allowing Unauthorized Data Access

Vulnerability

Impact

Affected Products

Oracle XML Database

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating