The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992.
The Tech Edvocate

Urgent Action Required: Oracle Addresses Critical RCE Vulnerability in Identity Manager

Spread the loveIn a significant development for cybersecurity professionals and organizations using Oracle software, the tech giant has recently released critical patches for a serious vulnerability ...
Dark Reading

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.

Oracle Identity Manager: Out-of-band update against code smuggling vulnerability

Oracle has released an emergency update for Identity Manager and Web Services Manager to close a code smuggling vulnerability ...