Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Net Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
AnalysisAI
Remote denial of service in Oracle Database Server 23.4.0 through 23.26.2 allows unauthenticated network attackers to crash or hang the Net Service component via crafted TLS traffic. The flaw scores CVSS 7.5 with availability-only impact and was disclosed by Oracle in the May 2026 Critical Patch Update; no public exploit identified at time of analysis.
Technical ContextAI
The vulnerability sits in the Net Service component of Oracle Database Server, the networking layer (commonly associated with Oracle Net Listener and TNS) that brokers client connectivity to the database instance over TLS-protected channels. Because the issue is reachable over TLS without authentication, the defect likely lies in TLS handshake or session handling code paths processed before any database-level credentials are validated. The affected CPE is cpe:2.3:a:oracle_corporation:oracle_database_server, covering the 23ai (23c) release train between 23.4.0 and 23.26.2; the NVD CWE is not assigned, but the symptoms (hang or repeatable crash from a single network actor) are characteristic of resource exhaustion, unhandled exception, or null-dereference classes (CWE-400/CWE-476/CWE-755 family).
RemediationAI
Apply the fixes from the Oracle Critical Patch Update of May 2026 (advisory https://www.oracle.com/security-alerts/cspumay2026.html); exact patched build numbers are listed in the CPU matrix and should be matched to your platform - patch availability is confirmed per Oracle CPU but a specific fixed version was not provided in the input data, so consult the CPU patch availability table for your exact release. Until patching, restrict TCP reachability to the Oracle Net listener (default 1521/TLS variants) to known application/jump hosts via host firewall, network ACLs, or Oracle Connection Manager, and consider enabling Valid Node Checking (tcp.validnode_checking with tcp.invited_nodes) in sqlnet.ora - note that this hardens against arbitrary network sources but does not help if a compromised application host sends the malicious TLS traffic. Avoid disabling TLS as a 'workaround' since that trades a DoS for an eavesdropping exposure.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33015
GHSA-hjj7-gh89-r5p6