Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

2026-03-21

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Oracle has patched a critical unauthenticated remote code execution vulnerability (CVE-2026-21992) affecting Oracle Identity Manager and Web Services Manager.

•CVE-2026-21992 carries a CVSS score of 9.8/10.0, classified as 'easily exploitable'
•Affects Oracle Identity Manager and Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0
•An unauthenticated attacker with HTTP network access can fully compromise affected instances
•Oracle states no evidence of in-the-wild exploitation but urges immediate patching
•A related flaw CVE-2025-61757 (CVSS 9.8) in Oracle Identity Manager was added to CISA's KEV catalog in November 2025 due to active exploitation

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture