


Perceptive Security
SOC/SIEM Consultancy

Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulner…
Published: 27 May 2026 at 22:00:00
Alert date: 28 May 2026 at 22:04:22
Source: nvd.nist.gov
Enterprise Applications, Web Technologies, Database & Storage
Critical vulnerability CVE-2026-46840 in Oracle REST Data Services Backend-as-a-Service component affecting versions 24.2.0-26.1.0. The vulnerability allows unauthenticated attackers with network access via HTTPS to compromise the service. This easily exploitable flaw has a maximum CVSS 3.1 Base Score of 10.0, indicating critical severity with high impact on confidentiality, integrity, and availability. Successful exploitation can result in complete takeover of Oracle REST Data Services and may significantly impact additional products due to scope change. The vulnerability requires no user interaction and no privileges, making it extremely dangerous for organizations running affected versions.
Affected products: Oracle REST Data Services
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-46840
https://www.oracle.com/security-alerts/cspumay2026.html
This article was created with the assistance of AI technology by Perceptive.
