Overview
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. "This vulnerability is remotely exploitable without authentication," Oracle said in an advisory.
Vulnerability Details
- CVE-2026-21992: Referenced in source reporting from thehackernews, thehackernews.
Organisations Involved
The following organisations are mentioned in relation to this incident: Enabling Unauthenticated, Identity Manager, Identity Manager
Oracle, Oracle, Oracle Patches Critical, Web Services Manager.
Multi-Source Coverage
This event has been reported across multiple outlets:
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager — thehackernews
Sources: thehackernews. Aggregated by Cybernews Agency pipeline.