CVE-2026-21967

Name of the Vulnerable Software and Affected Versions Oracle Hospitality OPERA 5 versions 5.6.19.23 through 5.6.27.4

Description An easily exploitable issue exists in the Oracle Hospitality OPERA 5 product, specifically within the Opera Servlet component. An unauthenticated attacker with network access via HTTP can compromise the system. Successful exploitation may lead to unauthorized access to critical data, complete access to all accessible data, unauthorized data manipulation (update, insert, or delete), and a partial denial of service.

Recommendations Oracle Hospitality OPERA 5 version 5.6.19.23 should be updated. Oracle Hospitality OPERA 5 version 5.6.25.17 should be updated. Oracle Hospitality OPERA 5 version 5.6.26.10 should be updated. Oracle Hospitality OPERA 5 version 5.6.27.4 should be updated.