Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-46840

Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Ver en NVD

Análisis

A critical vulnerability (CVSS 10.0) in Oracle REST Data Services (ORDS) allows unauthenticated attackers with network access via HTTPS to take over the service. Due to a scope change in the exploit, this could potentially impact downstream connected systems. Developers and admins using Oracle's Backend-as-a-Service features should update to a non-vulnerable version immediately.

Severidad

Puntaje: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-284CWE-287CWE-306

EPSS

Probabilidad de explotación (próx. 30 días): 0.0005 (0.1%)
Percentil: 17.4%
EPSS: 2026-06-04

Afecta

oracle:rest_data_services

Descripción técnica

Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Publicada: 28/5/2026, 21:16:33
Última modificación: 4/6/2026, 14:01:12

Referencias

InicioEventosBlogRecursosEquipo