CVE-2026-21979
Privilege Escalation in Oracle EPM Agent Allows Data Access
Publication date: 2026-01-20
Last updated on: 2026-01-20
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | planning_and_budgeting_cloud_service | 25.04.07 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Planning and Budgeting Cloud Service, specifically in the EPM Agent component. It affects version 25.04.07 and allows a high privileged attacker who has logged on to the infrastructure where the service runs to compromise the Oracle Planning and Budgeting Cloud Service. Exploiting this vulnerability requires human interaction from someone other than the attacker. Successful exploitation can lead to unauthorized access to critical or all accessible data within the service.
How can this vulnerability impact me? :
The impact of this vulnerability includes unauthorized access to critical data or complete access to all data accessible by the Oracle Planning and Budgeting Cloud Service. This means sensitive or important information could be exposed or compromised by an attacker with high privileges on the infrastructure.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the EPM Agent to the latest version as recommended by Oracle. Please refer to the official Oracle documentation on downloading and updating the EPM Agent for more information.