CVE-2026-46841
Oracle REST Data Services Information Disclosure
Publication date: 2026-05-28
Last updated on: 2026-05-29
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | rest_data_services | From 24.2.0 (inc) to 26.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oracle REST Data Services, specifically affecting versions 24.2.0 through 26.1.0. It is an easily exploitable flaw that allows an unauthenticated attacker with network access via HTTPS to compromise the service.
Successful exploitation can lead to unauthorized read access to some of the data accessible through Oracle REST Data Services.
How can this vulnerability impact me? :
The main impact of this vulnerability is unauthorized disclosure of data. An attacker can gain read access to certain data without authentication, which compromises confidentiality.
There is no impact on data integrity or availability according to the CVSS score.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an unauthenticated attacker with network access via HTTPS to gain unauthorized read access to a subset of Oracle REST Data Services accessible data.
Such unauthorized data access could potentially lead to violations of data protection regulations and standards such as GDPR and HIPAA, which require strict controls over access to sensitive and personal data.
Therefore, if the compromised data includes personal or protected health information, this vulnerability could negatively impact compliance with these regulations by exposing confidential information without authorization.