CVE-2026-46843
Denial of Service in Oracle REST Data Services
Publication date: 2026-05-28
Last updated on: 2026-05-29
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | rest_data_services | From 24.2.0 (inc) to 26.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an unauthenticated attacker to cause a partial denial of service (partial DOS) of Oracle REST Data Services, impacting availability but not confidentiality or integrity.
Since the vulnerability does not result in unauthorized access to data or data modification, it primarily affects service availability.
Compliance with standards like GDPR and HIPAA often requires maintaining availability of services, so this vulnerability could impact compliance by causing service disruptions.
However, because there is no compromise of confidentiality or integrity, the impact on data protection requirements under these regulations is limited.
Can you explain this vulnerability to me?
This vulnerability exists in the Core component of Oracle REST Data Services, affecting versions 24.2.0 through 26.1.0.
It is easily exploitable by an unauthenticated attacker who has network access via HTTPS.
Successful exploitation allows the attacker to partially deny service to Oracle REST Data Services.
How can this vulnerability impact me? :
The main impact of this vulnerability is a partial denial of service (partial DOS) on Oracle REST Data Services.
This means that an attacker could disrupt the availability of the service, potentially affecting applications or users relying on it.