Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulner…

Critical vulnerability CVE-2026-46840 in Oracle REST Data Services Backend-as-a-Service component affecting versions 24.2.0-26.1.0. The vulnerability allows unauthenticated attackers with network access via HTTPS to compromise the service. This easily exploitable flaw has a maximum CVSS 3.1 Base Score of 10.0, indicating critical severity with high impact on confidentiality, integrity, and availability. Successful exploitation can result in complete takeover of Oracle REST Data Services and may significantly impact additional products due to scope change. The vulnerability requires no user interaction and no privileges, making it extremely dangerous for organizations running affected versions.