{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T18:06:48.763","vulnerabilities":[{"cve":{"id":"CVE-2026-21939","sourceIdentifier":"secalert_us@oracle.com","published":"2026-01-20T22:15:56.663","lastModified":"2026-01-29T20:34:46.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the SQLcl component of Oracle Database Server.  Supported versions that are affected are 23.4.0-23.26.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where SQLcl executes to compromise SQLcl.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of SQLcl. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."},{"lang":"es","value":"Vulnerabilidad en el componente SQLcl de Oracle Database Server. Las versiones compatibles que están afectadas son 23.4.0-23.26.0. Vulnerabilidad difícil de explotar permite a un atacante no autenticado con inicio de sesión en la infraestructura donde se ejecuta SQLcl comprometer SQLcl. Los ataques exitosos requieren interacción humana de una persona que no sea el atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de SQLcl. Puntuación base CVSS 3.1 de 7.0 (Impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*","versionStartIncluding":"23.4","versionEndIncluding":"23.26","matchCriteriaId":"EA00B2D5-D2BA-4AD6-A58D-BE549C49C38E"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpujan2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}}]}