Primary

Context

Oracle REST Data Services Mongoapi Vulnerability Allowing Unauthorized Data Access

Vulnerability

Patched

A vulnerability exists in Oracle REST Data Services, specifically in the Mongoapi component, affecting versions 24.2.0 prior to 26.1.0. This vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise the service. Successful exploitation can lead to unauthorized read access to a subset of data accessible through Oracle REST Data Services.

Impact

Exploitation of this vulnerability could result in unauthorized access to certain data within Oracle REST Data Services.

Remediation

Users are advised to apply the latest patches available through the Oracle Critical Security Patch Update. Instructions for applying these patches can be found in the Oracle REST Data Services patch availability document on My Oracle Support.

Added: May 28, 2026, 9:42 PM

Updated: May 28, 2026, 9:42 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

8.3

relevance

9.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

8.3

relevance

9.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle REST Data Services Mongoapi Vulnerability Allowing Unauthorized Data Access

Vulnerability

Impact

Remediation

Affected Products

Oracle REST Data Services

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating