Vulnerability in Oracle Hospitality_opera_5
CVE-2026-21967
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerabilit…
EPSS: 0.003 (18.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L.
Affected products
- Oracle Hospitality_opera_5 — versions 5.6.19.23, 5.6.25.17, 5.6.26.10
- Oracle Corporation Hospitality Opera 5 — versions 5.6.19.23, 5.6.25.17, 5.6.26.10
References
- secalert_us@oracle.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2026-21967?
- CVE-2026-21967 is a high-severity vulnerability in Oracle Hospitality_opera_5. CVSS score: 8.6/10. Published 2026-01-20.
- How severe is CVE-2026-21967?
- High severity. CVSS v3 base score is 8.6 out of 10.