CVE-2026-21967
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | hospitality_opera_5 | 5.6.19.23 |
| oracle | hospitality_opera_5 | 5.6.25.17 |
| oracle | hospitality_opera_5 | 5.6.26.10 |
| oracle | hospitality_opera_5 | 5.6.27.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Oracle Hospitality OPERA 5, specifically the Opera Servlet component in certain supported versions. It allows an unauthenticated attacker with network access via HTTP to exploit the system easily. Successful exploitation can lead to unauthorized access to critical data, unauthorized modification (update, insert, delete) of some data, and the ability to cause a partial denial of service (partial DOS) on the system.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to gain unauthorized access to critical data within Oracle Hospitality OPERA 5. Attackers could also modify data without permission and cause partial denial of service, potentially disrupting business operations and compromising data integrity and availability.