PT-2026-3714 · Oracle · Oracle Hospitality Opera 5
Johnathan Law
·
Published
2026-01-20
·
Updated
2026-01-21
·
CVE-2026-21967
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Oracle Hospitality OPERA 5 versions 5.6.19.23 through 5.6.27.4
Description
An easily exploitable issue exists in the Oracle Hospitality OPERA 5 product, specifically within the Opera Servlet component. An unauthenticated attacker with network access via HTTP can compromise the system. Successful exploitation may lead to unauthorized access to critical data, complete access to all accessible data, unauthorized data manipulation (update, insert, or delete), and a partial denial of service.
Recommendations
Oracle Hospitality OPERA 5 version 5.6.19.23 should be updated.
Oracle Hospitality OPERA 5 version 5.6.25.17 should be updated.
Oracle Hospitality OPERA 5 version 5.6.26.10 should be updated.
Oracle Hospitality OPERA 5 version 5.6.27.4 should be updated.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oracle Hospitality Opera 5