CVE-2026-46843

5.3 MEDIUM

Vulnerability in Oracle REST Data Services (component: Core)

Published: 2026-05-28 · Last updated: 2026-06-03

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-400

Affected products

Vendor	Product
oracle	rest_data_services

Description

Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle REST Data Services. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-46843
[Vendor advisory]https://www.oracle.com/security-alerts/cspumay2026.html

Related CVEs

Same vendor

CVE-2026-46842 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
CVE-2026-46841 — Vulnerability in Oracle REST Data Services (component: General) (5.3 MEDIUM)
CVE-2026-46840 — Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service) (10.0 CRITICAL)
CVE-2026-46839 — Vulnerability in Oracle REST Data Services (component: Core) (9.9 CRITICAL)
CVE-2026-46837 — Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security) (8.8 HIGH)

Same CWE

CVE-2026-47734 — Dulwich is a pure-Python implementation of the Git file formats and protocols (5.7 MEDIUM)
CVE-2026-46689 — Kanidm is an identity management platform
CVE-2026-46679 — libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)
CVE-2026-46522 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
CVE-2026-45783 — libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)