PT-2026-44508 · Oracle · Oracle Rest Data Services+1

Published

2026-05-28

Updated

2026-06-03

CVE-2026-35277

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0

Description An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Successful exploitation can lead to unauthorized access, creation, deletion, or modification of critical data or all data accessible by the service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-284

Related Identifiers

CVE-2026-35277

Affected Products

Oracle Rest Data Services

Rest Data Services

PT-2026-44508 · Oracle · Oracle Rest Data Services+1

CVE-2026-35277

Weakness Enumeration

Related Identifiers

Affected Products

References · 3