CVE-2026-46775
Oracle REST Data Services Remote Code Execution
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | rest_data_services | From 24.2.0 (inc) to 26.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Core component of Oracle REST Data Services, affecting versions 24.2.0 through 26.1.0. It is easily exploitable by a low privileged attacker who has network access via HTTPS. The attacker can compromise Oracle REST Data Services, potentially leading to a takeover of the service.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can result in a complete takeover of Oracle REST Data Services. This can have significant impacts on confidentiality, integrity, and availability of the affected system, as indicated by the high CVSS score of 9.9. Additionally, because the scope of the attack can extend beyond Oracle REST Data Services, other connected products may also be impacted.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows a low privileged attacker with network access to compromise Oracle REST Data Services, potentially resulting in a complete takeover of the service.
Given the high impact on confidentiality, integrity, and availability (CVSS score 9.9), successful exploitation could lead to unauthorized access to sensitive data, data manipulation, and service disruption.
Such impacts could negatively affect compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding the confidentiality and integrity of personal and health information.