CVE-2026-46839
Oracle REST Data Services Remote Code Execution
Publication date: 2026-05-28
Last updated on: 2026-05-29
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | rest_data_services | From 24.2.0 (inc) to 26.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Core component of Oracle REST Data Services, affecting versions 24.2.0 through 26.1.0.
It allows a low privileged attacker with network access via HTTPS to exploit the system easily.
Successful exploitation can lead to a complete takeover of Oracle REST Data Services.
The vulnerability has a high severity with a CVSS 3.1 base score of 9.9, impacting confidentiality, integrity, and availability.
How can this vulnerability impact me? :
If exploited, this vulnerability can result in an attacker taking over Oracle REST Data Services.
This takeover can compromise the confidentiality, integrity, and availability of the affected system.
Because the scope of the attack may extend beyond Oracle REST Data Services, additional products could also be significantly impacted.