CVE-2026-35266

Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0

Description An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Exploitation is difficult and requires human interaction from a person other than the attacker. While the flaw exists within Oracle REST Data Services, successful attacks may impact additional products. This can lead to unauthorized access, creation, deletion, or modification of critical data and all accessible data, as well as the ability to cause a partial denial of service (DOS), which is a condition where the system becomes partially unavailable to its intended users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.