QSearchQSearch

CVE-2026-46830

5.3 MEDIUM

Vulnerability in Oracle REST Data Services (component: Mongoapi)

Published: 2026-05-28 · Last updated: 2026-06-03

Severity and scoring

CVSS
5.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
CWE-200

Affected products

VendorProduct
oraclerest_data_services

Description

Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-35273 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
  • CVE-2026-46843 Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
  • CVE-2026-46842 Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
  • CVE-2026-46841 Vulnerability in Oracle REST Data Services (component: General) (5.3 MEDIUM)
  • CVE-2026-46840 Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service) (10.0 CRITICAL)

Same CWE

  • CVE-2026-8385 The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its d... (5.3 MEDIUM)
  • CVE-2026-12203 A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215 (5.3 MEDIUM)
  • CVE-2026-49397 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (5.3 MEDIUM)
  • CVE-2026-47124 Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.5 MEDIUM)
  • CVE-2026-54396 An information disclosure vulnerability exists in the MISP AuthKey edit functionality