CRITICAL🇵🇱 Wersja polska

CVE-2026-46775

CVSS 9.9v3.1pub. 2026-05-28upd. 2026-06-03

Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

🤖 AI Analysis
How it works

An attacker with only basic network privileges can exploit the vulnerability in the Core Oracle REST Data Services component via HTTPS protocol without requiring user interaction. The vulnerability is easy to exploit (low attack complexity). A successful attack may extend beyond the directly targeted product and affect other related systems (scope change).

Impact

An attacker can completely take over control of Oracle REST Data Services, gaining full access to data (confidentiality breach), ability to modify it (integrity breach), and capability to cause service unavailability (availability breach). The attack may also negatively affect other products connected to the vulnerable service.

Mitigation & patch

Security patches available from the vendor must be applied according to references — Oracle Critical Patch Update from May 2026 (https://www.oracle.com/security-alerts/cspumay2026.html). Immediate update to a patched version is recommended.

Who is affected

Oracle REST Data Services, Core component, versions 24.2.0 through 26.1.0 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Oracle Rest Data Services

    APP
    Oracle
    24.2.0 – 26.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2026-46839CRITICAL9.9PL ✓ten sam produkt

Krytyczna podatność w Oracle REST Data Services — przejęcie kontroli

CVE-2026-46840CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność w Oracle REST Data Services — przejęcie kontroli bez uwierzytelnienia

CVE-2017-7657CRITICAL9.8ten sam produkt

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration w...

CVE-2017-7658CRITICAL9.8ten sam produkt

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTT...

CVE-2026-35266HIGH7.9ten sam produkt

Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0...