Detections
Analytics
Oracle APEX Sample Applications (Brookstrut) (CVE-2026-21931)
medium Nessus Plugin ID 297229
Synopsis
The remote host is affected by a vulnerability.Description
The remote host is affected by a vulnerability in the Oracle APEX Sample Applications product of Oracle APEX (component: Brookstrut Sample App) as referenced in the January 2026 Oracle Critical Patch Update (CPU) advisory.- Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX (component: Brookstrut Sample App). Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle APEX Sample Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle APEX Sample Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle APEX Sample Applications accessible data as well as unauthorized read access to a subset of Oracle APEX Sample Applications accessible data. (CVE-2026-21931)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the January 2026 Oracle Critical Patch Update advisory.See Also
https://www.oracle.com/security-alerts/cpujan2026.html
https://www.oracle.com/docs/tech/security-alerts/cpujan2026csaf.json
Plugin Details
Severity: Medium
ID: 297229
File Name: oracle_apex_CVE-2026-21931.nasl
Version: 1.1
Type: remote
Family: Web Servers
Published: 1/30/2026
Updated: 1/30/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Medium
Base Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS Score Source: CVE-2026-21931
CVSS v3
Risk Factor: Medium
Base Score: 5.4
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Information
CPE: cpe:/a:oracle:application_express
Patch Publication Date: 1/20/2026
Vulnerability Publication Date: 1/20/2026
Reference Information
CVE: CVE-2026-21931
IAVA: 2026-A-0063