CVE-2026-21992
Description
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. Note: Oracle Web Services Manager is installed with an Oracle Fusion Middleware Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
INFO
Published Date: March 20, 2026, 3:15 a.m.
Last Modified: March 23, 2026, 3:30 p.m.
Remotely Exploitable: Yes
Source: [email protected]
Affected Products
The following products are affected by the CVE-2026-21992 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| 9.8 | CVSS 3.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | [email protected] |
Public PoC/Exploit Available at GitHub
CVE-2026-21992 has 3 public PoCs/exploits available on GitHub; the list appears in the public exploits section below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-21992.
| URL | Resource |
|---|---|
| https://www.oracle.com/security-alerts/alert-cve-2026-21992.html | Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-21992 is associated with the following CWEs:
- CWE-306: Missing Authentication for Critical Function (added to the record on Mar. 20, 2026; see the change history below)
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-21992 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by the most recently updated).
- CVE-2026-21992-Poc: Curated AI news aggregator from premium sources - Auto-updated with webhook, paginated display. Topics: actions, aggregator, ai, app, cybersecurity, github, newspaper, ethanbernier, phoenixagency, phoenixproject, cyber-security, iot, artificial-intelligence, pulse, apple, isg, macos. Languages: JavaScript, PLpgSQL, HTML, CSS, Shell.
- Cringe AF not gonna lie. Languages: Python.
Note that neither repository description above refers to CVE-2026-21992 or to exploit code; the entries are matched by name only and should be treated as unverified.
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2026-21992 vulnerability anywhere in the article.
- Daily CyberSecurity: CISA Issues Emergency Mandate as Critical 9.3 NetScaler Flaw “Bleeds” Admin Sessions
  Image: watchTowr. The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabili ...
- Help Net Security: Week in review: NIST updates DNS security guidance, compromised LiteLLM PyPI packages
  Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST updates its DNS security guidance for the first time in over a decade. DNS infrastructure underpin ...
- The Cyber Express: PTC Warns of Critical Windchill, FlexPLM Flaw Enabling Remote Code Execution
  PTC has issued an urgent advisory regarding a critical Windchill and FlexPLM vulnerability that exposes affected systems to Remote Code Execution (RCE). The flaw, identified as CVE-2026-4681, has been ...
- The Cyber Express: Dutch Finance Ministry Investigates Data Breach in Internal Systems
  The Ministry of Finance cyberattack in the Netherlands has once again highlighted a growing concern: even critical government systems are struggling to stay ahead of increasingly advanced threats. Whi ...
- TheCyberThrone: CVE-2026-3055 – Citrix NetScaler Critical SAML IDP Memory Leak
  March 24, 2026. Overview: On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting NetScaler ADC and NetScaler Gateway. CVE-2026-3055 is classified as an out-of-bound ...
- The Cyber Express: Oracle Issues Emergency Patch for Critical Flaw Enabling Remote Code Execution
  Oracle has released an emergency out-of-band patch to address a critical vulnerability, tracked as CVE-2026-21992, that affects two core enterprise products: Oracle Identity Manager and Oracle Web Ser ...
- Help Net Security: Attackers are handing off access in 22 seconds, Mandiant finds
  Exploits remain the leading entry point for attackers for the sixth consecutive year, according to Mandiant’s M-Trends 2026 report, which draws on more than 500,000 hours of incident response work con ...
- TheCyberThrone: Quest KACE SMA flaw CVE-2025-32975 Actively Exploited
  March 23, 2026. Overview: CVE-2025-32975 is a critical authentication bypass vulnerability in Quest KACE SMA’s SSO authentication handling mechanism. The root cause lies in improper validation of authenti ...
- The Hacker News: ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
  Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a ...
- Help Net Security: Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)
  Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The company did not say whethe ...
- TheCyberThrone: Oracle Patches CVE-2026-21992 — Unauthenticated RCE
  Overview: Oracle has released security updates to address a critical vulnerability impacting Oracle Identity Manager and Oracle Web Services Manager that could be exploited to achieve remote code execut ...
- The Hacker News: Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
  Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability ...
- Daily CyberSecurity: Critical 9.3 CVSS Flaw in QNAP QVR Pro Exposes Surveillance Systems
  QNAP Systems, Inc. has issued a critical security advisory for users of its QVR Pro surveillance solution. A high-severity vulnerability, tracked as CVE-2026-22898 with a CVSS score of 9.3, could allo ...
- Daily CyberSecurity: Critical 9.8 CVSS Flaw Exposes Oracle Identity Manager to Total Takeover
  Oracle has issued an urgent security alert following the discovery of a “Critical” rated vulnerability impacting its Fusion Middleware ecosystem. The flaw, tracked as CVE-2026-21992, carries a CVSS sc ...
- CybersecurityNews: Oracle Issues Urgent Security Update for Critical RCE Flaw in Identity Manager and Web Services Manager
  Oracle has issued an out-of-band Security Alert addressing a critical remote code execution (RCE) vulnerability, CVE-2026-21992, affecting two widely deployed Fusion Middleware components, Oracle Iden ...
- security.nl: Oracle releases emergency patch for critical vulnerability in Identity and Web Services Manager
  Oracle has released an emergency patch outside its regular patch cycle for a critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager. The security flaw (CVE-2026-21992) ...
The following tables list the changes that have been made to the CVE-2026-21992 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Initial Analysis by [email protected] (Mar. 23, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | | OR `*cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*` `*cpe:2.3:a:oracle:web_services_manager:12.2.1.4.0:*:*:*:*:*:*:*` `*cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*` `*cpe:2.3:a:oracle:web_services_manager:14.1.2.1.0:*:*:*:*:*:*:*` |
| Added | Reference Type | | Oracle: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html Types: Vendor Advisory |

CVE Modified by [email protected] (Mar. 20, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Description | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. Note: Oracle Web Services Manager is installed with an Oracle Fusion Middleware Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). |

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Mar. 20, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CWE | | CWE-306 |

New CVE Received by [email protected] (Mar. 20, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Added | Reference | | https://www.oracle.com/security-alerts/alert-cve-2026-21992.html |