CVE DATABASE / CVE-2026-46839

CVE-2026-46839

CVSS 9.9 · CRITICAL

Summary

Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSS 3.1 breakdown

Base score	9.9 (CRITICAL)
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	LOW
User interaction	NONE
Scope	CHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-284

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

Our coverage

CVE-2026-46840: Oracle REST Data Services CVSS 10.0 in First Monthly CSPU

References

https://www.oracle.com/security-alerts/cspumay2026.html

Data: NIST NVD. NVD last modified 2026-05-29. Always verify against the vendor advisory before acting.