Oracle Fusion Middleware RCE Vulnerability (CVE-2026-21992)
CVE-2026-21992 allows an unauthenticated attacker to gain network access via HTTP and execute code remotely on Oracle Identity Manager and Oracle Web Services Manager.
On March 20, 2026, Oracle disclosed CVE-2026-21992, a critical vulnerability (CVSS score of 9.8) affecting Oracle Fusion Middleware, specifically Oracle Identity Manager and Oracle Web Services Manager. The vulnerability stems from a lack of network-level authentication, allowing unauthenticated attackers to exploit exposed critical functions via HTTP. Successful exploitation allows for remote code execution. While there are currently no reports of active exploitation, the potential impact…
Detection coverage (2)
Detect Suspicious HTTP Request to Oracle Fusion Middleware
Severity: high. Detects suspicious HTTP requests to Oracle Fusion Middleware components that may indicate exploitation attempts of CVE-2026-21992.
Detect Oracle Web Services Manager RCE via HTTP Request
Severity: critical. Detects suspicious HTTP requests to Oracle Web Services Manager components that may indicate exploitation attempts of CVE-2026-21992, looking for specific URIs often targeted in web exploits.