CVE-2026-21966 — Corporation Oracle Hospitality Opera 5 Property Services vulnerability

4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 91.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Oracle Hospitality Opera 5 Property Services Oracle Hospitality Opera 5

Timeline

PublishedJan 20

Latest updateJan 21

Description

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospit…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5oracle_corporation/oracle_hospitality_opera_5_property_services4 versions+3

▶NVDoracle/hospitality_opera_54 versions+3

🔴Vulnerability Details

GHSA

GHSA-m2r3-gq7c-7p58: Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera)↗2026-01-21

▶

CVEList

CVE-2026-21966: Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera)↗2026-01-20

▶

📋Vendor Advisories

Oracle

Oracle Oracle Hospitality Applications Risk Matrix: Opera — CVE-2026-21966↗2026-01-15

▶