Primary

Context

Oracle REST Data Services Core Unauthenticated Data Manipulation Vulnerability

Vulnerability

A vulnerability exists in Oracle REST Data Services, specifically in the Core component, affecting versions 24.2.0 prior to 26.1.0. This vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise the application. Successful exploitation could lead to unauthorized modifications, including updates, inserts, or deletions, of certain accessible data within Oracle REST Data Services.

Impact

Exploitation of this vulnerability could result in unauthorized changes to some data accessible through Oracle REST Data Services.

Remediation

Users can apply the patch available through the Oracle Critical Security Patch Update program. Instructions for applying this patch can be found in the Oracle REST Data Services patch availability document on My Oracle Support.

Added: May 28, 2026, 9:37 PM

Updated: May 28, 2026, 9:37 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

9.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

9.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle REST Data Services Core Unauthenticated Data Manipulation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Oracle REST Data Services

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating