CVE-2026-35253
Modified Modified - Updated After Analysis
Oracle Macaron Tool Host Address Validation Failure

Publication date: 2026-05-06

Last updated on: 2026-05-10

Assigner: Oracle

Description
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-10
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-35253
EUVD
EUVD-2026-27532
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle macoron 0.22.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-346 The product does not properly verify that the source of data or communication is valid.
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Oracle Macaron Tool, an Oracle Open Source Project, specifically affecting version 0.22.0. It is an easily exploitable flaw that allows an unauthenticated attacker with network access via HTTP to compromise the tool. The main issue is that successful exploitation causes the Oracle Macaron Tool to fail in validating host addresses properly.

Impact Analysis

The impact of this vulnerability is that an attacker can compromise the Oracle Macaron Tool without authentication by exploiting the failure in host address validation. This could potentially allow unauthorized network access or manipulation of the tool's operations, leading to security risks such as unauthorized access or misuse of the tool.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35253. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart