CVE-2026-21939

5 documents5 sources
Severity
7.0HIGH
EPSS
0.0%
top 97.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Oracle Database ServerOracle Database Server
Timeline
PublishedJan 20
Latest updateJan 21

Description

Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where SQLcl executes to compromise SQLcl. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of SQLcl. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts).

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

NVDoracle/database_server23.423.26
CVEListV5oracle_corporation/oracle_database_server23.4.023.26.0

🔴Vulnerability Details

2
GHSA
GHSA-34rv-96cq-9vvh: Vulnerability in the SQLcl component of Oracle Database Server2026-01-21
CVEList
CVE-2026-21939: Vulnerability in the SQLcl component of Oracle Database Server2026-01-20

📋Vendor Advisories

1
Oracle
Oracle Oracle Database Server Risk Matrix: SQLcl — CVE-2026-219392026-01-15

🕵️Threat Intelligence

1
Wiz
CVE-2026-21939 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-21939 (HIGH CVSS 7) | Vulnerability in the SQLcl componen | cvebase.io