CVE-2026-21966

Name of the Vulnerable Software and Affected Versions Oracle Hospitality OPERA 5 Property Services versions 5.6.19.23 through 5.6.27.4

Description An easily exploitable issue exists in the Oracle Hospitality OPERA 5 Property Services component, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require interaction from a user other than the attacker and may impact additional products. Successful exploitation can lead to unauthorized data modification, insertion, deletion, and read access to Oracle Hospitality OPERA 5 Property Services data.

Recommendations Update Oracle Hospitality OPERA 5 Property Services to a version later than 5.6.27.4. Update Oracle Hospitality OPERA 5 Property Services to a version later than 5.6.26.10. Update Oracle Hospitality OPERA 5 Property Services to a version later than 5.6.25.17. Update Oracle Hospitality OPERA 5 Property Services to a version later than 5.6.19.23.