Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-34311: Oracle Hospitality OPERA 5 Property Services can be taken over remotely
CVE-2026-34311
Summary
Some versions of Oracle Hospitality OPERA 5 Property Services have a security weakness that allows hackers to access and control the system without a password. This means they can potentially steal sensitive information, disrupt operations, or even lock out legitimate users. Oracle Hospitality recommends updating to the latest version to fix this issue.
Original title
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25....
Original description
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
nvd CVSS3.1
9.8
Published: 28 May 2026 · Updated: 31 May 2026 · First seen: 28 May 2026