What is the CVSS score of CVE-2026-21969?

CVE-2026-21969 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Agile Product Lifecycle Management For Process are affected by CVE-2026-21969?

CVE-2026-21969 presents critical security risk rated CVSS 9.8. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

Agile Product Lifecycle Management For Process CVE-2026-21969

CRITICAL

2026-01-20 secalert_us@oracle.com

Oracle Agile Product Lifecycle Management For Process

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 20, 2026 - 22:15 nvd

CRITICAL 9.8

DescriptionNVD

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Supplier Portal). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in takeover of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

AnalysisAI

Oracle Agile PLM for Process has a CVSS 9.8 vulnerability in the Supply Chain Sourcing component that allows unauthenticated remote attackers to fully compromise the system.

RemediationAI

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-46840 CRITICAL Act Now

10.0 May 28

Remote takeover of Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated attackers to c

CVE-2026-46775 CRITICAL Act Now

9.9 May 28

Takeover of Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 is achievable by a low-privileged remote att

CVE-2026-46822 CRITICAL Act Now

9.9 May 28

Account takeover in Oracle iAssets (part of Oracle E-Business Suite versions 12.2.3 through 12.2.15) allows a low-privil

CVE-2026-46824 CRITICAL Act Now

9.9 May 28

Account takeover in Oracle Universal Work Queue (component: Work Provider Site Level Administration) within Oracle E-Bus

CVE-2026-46839 CRITICAL Act Now

9.9 May 28

Privilege escalation to full takeover in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows a low-pr

CVE-2026-21969 vulnerability details – vuln.today

Back

Agile Product Lifecycle Management For Process CVE-2026-21969

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code