Oracle has released critical security updates to address CVE-2026-21992, a high-severity vulnerability impacting Oracle Identity Manager and Web Services Manager. This flaw, which carries a critical CVSS score of 9.8, allows unauthenticated attackers with network access via HTTP to achieve remote code execution (RCE) and potentially take full control of affected instances.
The vulnerability impacts versions 12.2.1.4.0 and 14.1.2.1.0 of the affected Oracle components. While there are currently no reports of exploitation in the wild, Oracle has urged immediate patching, especially as CISA recently flagged a similar pre-authenticated RCE vulnerability in the same software suite as actively exploited.