Oracle · Oracle Database Server · CVE-2026-21939
**Name of the Vulnerable Software and Affected Versions**
Oracle Database Server versions 23.4.0 through 23.26.0
**Description**
A difficult-to-exploit issue exists within the SQLcl component that allows an unauthenticated attacker, with access to the infrastructure where SQLcl runs, to compromise SQLcl. Exploitation requires interaction from someone other than the attacker. Successful exploitation can lead to a takeover of SQLcl.
**Recommendations**
Update to a version beyond 23.26.0.