PT-2026-3722 · Oracle · Oracle Database Server
Published 2026-01-20 · Updated 2026-01-20 · CVE-2026-21975
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Database Server versions 19.3 through 19.29
Oracle Database Server versions 21.3 through 21.20
Description
An issue exists within the Java VM component of Oracle Database Server. A highly privileged attacker with Authenticated User privilege and network access via Oracle Net can compromise the Java VM. Exploitation requires human interaction from someone other than the attacker. Successful exploitation can lead to a denial-of-service condition, causing a hang or frequent crashes of the Java VM.
Recommendations
Update Oracle Database Server to a version later than 19.29.
Update Oracle Database Server to a version later than 21.20.
Fix
Improper Resource Release
RCE
Related Identifiers
Affected Products
Oracle Database Server