Workflow
CVE-2026-21959
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
AnalysisAI
Unauthorized data disclosure in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows high-privileged attackers with network access to extract sensitive information from the Oracle E-Business Suite environment. The vulnerability requires administrator-level credentials and HTTP connectivity but can result in complete exposure of workflow-accessible data. A patch is available to remediate this confidentiality issue.
Technical ContextAI
Classified as CWE-284 (Improper Access Control). Affects Workflow. Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vecto
RemediationAI
A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Rated
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Rated high severity (CVSS
The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is r
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Rated
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Rated
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Rated medium severity (CV
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Rated
Same weakness CWE-284 – Improper Access Control
View allShare
External POC / Exploit Code
Leaving vuln.today