CVE-2026-46842

5.3 MEDIUM

Vulnerability in Oracle REST Data Services (component: Core)

Published: 2026-05-28 · Last updated: 2026-06-03

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-284

Affected products

Vendor	Product
oracle	rest_data_services

Description

Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-46842
[Vendor advisory]https://www.oracle.com/security-alerts/cspumay2026.html

Related CVEs

Same vendor

CVE-2026-46843 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
CVE-2026-46841 — Vulnerability in Oracle REST Data Services (component: General) (5.3 MEDIUM)
CVE-2026-46840 — Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service) (10.0 CRITICAL)
CVE-2026-46839 — Vulnerability in Oracle REST Data Services (component: Core) (9.9 CRITICAL)
CVE-2026-46837 — Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security) (8.8 HIGH)

Same CWE

CVE-2026-46695 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (10.0 CRITICAL)
CVE-2026-50564 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
CVE-2026-50563 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
CVE-2026-50545 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
CVE-2026-49824 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.5 HIGH)