CVE-2026-35253
Oracle Macaron Tool Host Address Validation Failure
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | macoron | 0.22.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Macaron Tool, an Oracle Open Source Project, specifically affecting version 0.22.0. It is an easily exploitable flaw that allows an unauthenticated attacker with network access via HTTP to compromise the tool. The main issue is that successful exploitation causes the Oracle Macaron Tool to fail in validating host addresses properly.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can compromise the Oracle Macaron Tool without authentication by exploiting the failure in host address validation. This could potentially allow unauthorized network access or manipulation of the tool's operations, leading to security risks such as unauthorized access or misuse of the tool.