PT-2026-44531 · Oracle · Oracle Rest Data Services

Published

2026-05-28

Updated

2026-06-13

CVE-2026-46840

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0

Description An issue exists in the Backend-as-a-Service component of Oracle REST Data Services. An unauthenticated attacker with network access via HTTPS can exploit this flaw to compromise the system, potentially leading to a full takeover of Oracle REST Data Services. The attack may also significantly impact additional products due to a scope change.

Recommendations For versions 24.2.0 through 26.1.0, apply the available patch to resolve the issue.

Fix

Improper Access Control

Improper Authentication

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-287CWE-306

Related Identifiers

CVE-2026-46840

Affected Products

Oracle Rest Data Services

PT-2026-44531 · Oracle · Oracle Rest Data Services

CVE-2026-46840

Weakness Enumeration

Related Identifiers

Affected Products

References · 12