Primary

Context

Oracle REST Data Services Core Vulnerability Allowing Takeover

Vulnerability

A vulnerability has been identified in Oracle REST Data Services, specifically in the Core component, affecting versions 24.2.0 through 26.1.0. This vulnerability allows a low-privileged attacker with network access via HTTPS to compromise the application. While the issue resides within Oracle REST Data Services, successful exploitation could significantly impact additional products, leading to a scope change. The vulnerability allows for the takeover of Oracle REST Data Services.

Impact

Exploitation of this vulnerability can lead to a complete takeover of the Oracle REST Data Services instance.

Remediation

Users are advised to apply the latest patches available through the Oracle Critical Security Patch Update program. Instructions for applying these patches can be found in the Oracle REST Data Services patch availability document on My Oracle Support.

Added: May 28, 2026, 9:39 PM

Updated: May 28, 2026, 9:39 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

9.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

9.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle REST Data Services Core Vulnerability Allowing Takeover

Vulnerability

Impact

Remediation

Affected Products

Oracle REST Data Services

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating