Oracle HTTP Server CVE-2026-34291: High-Severity RCE Risk
A critical vulnerability, CVE-2026-34291, has been identified in Oracle HTTP Server, specifically affecting versions 12.2.1.4.0 and 14.1.2.0.0. The National Vulnerability Database assigns this a CVSS 3.1 Base Score of 8.7 (High), citing significant impacts on confidentiality and integrity. This flaw, though difficult to exploit, allows unauthenticated attackers with network access via HTTP to compromise the server.
Successful exploitation could lead to unauthorized creation, deletion, or modification of critical data accessible through Oracle HTTP Server. The National Vulnerability Database also notes that attacks may impact additional products beyond the HTTP Server itself due to a ‘scope change’ in the vulnerability’s potential reach. This means the blast radius is larger than it first appears.
The attacker’s calculus here is clear: despite the ‘difficult to exploit’ tag, the payoff is high. Gaining unauthenticated control over a web server, especially one serving critical data, is a prime target. Defenders often underestimate ‘difficult’ vulnerabilities, but dedicated threat actors will invest the resources when the prize is sensitive data or a pivot point into the broader network.
What This Means For You
- If your organization runs Oracle HTTP Server version 12.2.1.4.0 or 14.1.2.0.0, this is a critical patch. Your CISO needs to prioritize patching immediately. Furthermore, audit your architecture to understand what other systems or data are accessible via the HTTP Server. The ‘scope change’ warning from the National Vulnerability Database indicates this isn't just about the web server itself; it could be a gateway to broader compromise. Assume a determined attacker will crack this, and plan your defense accordingly.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-34291 | Information Disclosure | Oracle HTTP Server versions 12.2.1.4.0, 14.1.2.0.0 |
| CVE-2026-34291 | Data Tampering | Oracle HTTP Server versions 12.2.1.4.0, 14.1.2.0.0 |
| CVE-2026-34291 | Auth Bypass | Unauthenticated network access via HTTP to Oracle HTTP Server |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 22, 2026 at 00:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.