Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-46840

Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

View on NVD

Analysis

A critical vulnerability (CVSS 10.0) in Oracle REST Data Services (ORDS) allows unauthenticated attackers with network access via HTTPS to take over the service. Due to a scope change in the exploit, this could potentially impact downstream connected systems. Developers and admins using Oracle's Backend-as-a-Service features should update to a non-vulnerable version immediately.

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-284CWE-287CWE-306

EPSS

Probability of exploitation (next 30 days): 0.0005 (0.1%)
Percentile: 17.4%
EPSS: 2026-06-04

Affects

oracle:rest_data_services

Technical description

Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Published: 5/28/2026, 9:16:33 PM
Last modified: 6/4/2026, 2:01:12 PM

References

HomeEventsBlogResourcesTeam