CVE-2026-35277: Oracle REST Data Services Vulnerability Allows Unauthorized Data Access
CVE-2026-35277 is a vulnerability in Oracle REST Data Services (Core) versions 24.2.0 to 26.1.0 that allows a low-privileged attacker with network access via HTTPS to compromise the system, leading to unauthorized data access, creation, deletion, or modification.
CVE-2026-35277 is a security vulnerability in the Core component of Oracle REST Data Services (ORDS), affecting versions 24.2.0 through 26.1.0. A low-privileged attacker with network access via HTTPS can exploit it to gain unauthorized access to critical data, or to all data accessible to ORDS, and to create, delete, or modify that data. This could lead to significant data breaches, data manipulation, or service disruption.
Attack Chain
- Attacker gains network access to the target Oracle REST Data Services instance via HTTPS.
- Attacker authenticates to the ORDS instance with low-privileged credentials.
- Attacker crafts a malicious HTTPS request, exploiting the vulnerability in the Core component. This request bypasses access controls.
- The crafted request is sent to the vulnerable ORDS endpoint.
- The ORDS Core component processes the request without proper authorization checks due to the vulnerability.
- The attacker gains unauthorized access to sensitive data within the ORDS instance.
- The attacker may create, modify, or delete data based on the level of access gained.
- The attacker may exfiltrate data or use the compromised ORDS instance to pivot to other internal systems.
Impact
Successful exploitation of CVE-2026-35277 can lead to significant data breaches, data manipulation, and service disruption. An attacker could gain unauthorized access to critical data stored within Oracle REST Data Services, potentially impacting confidentiality and integrity. The vulnerability allows attackers to create, delete, or modify sensitive information, leading to potential financial loss, reputational damage, and compliance violations. The CVSS 3.1 base score is 8.1, indicating a high severity level.
Recommendation
- Apply the latest security patches released by Oracle to address CVE-2026-35277 on affected Oracle REST Data Services instances (versions 24.2.0 to 26.1.0).
- Implement network segmentation to restrict network access to Oracle REST Data Services instances, mitigating the risk of remote exploitation.
- Deploy the Sigma rule "Detect CVE-2026-35277 Exploitation Attempt via Malicious ORDS Request" to identify potentially malicious requests targeting the ORDS Core component.
- Review and enforce strict access control policies for Oracle REST Data Services to minimize the impact of successful exploitation.
Detection coverage (2 rules)
Detect CVE-2026-35277 Exploitation Attempt via Malicious ORDS Request
Severity: high. Detects a CVE-2026-35277 exploitation attempt via an HTTP request to Oracle REST Data Services with suspicious URI or query parameters indicating unauthorized access.
Detect CVE-2026-35277 Exploitation - Unauthorized Data Access via ORDS
Severity: medium. Detects CVE-2026-35277 exploitation leading to unauthorized data access via Oracle REST Data Services by monitoring for abnormal HTTP status codes associated with sensitive ORDS endpoints.
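As an added illustration of the second rule's logic (abnormal status codes on sensitive ORDS endpoints), and not code from this page or from any detection platform, the following Python script flags a client whose successful request to an ORDS resource follows repeated denied attempts from the same source and user. The /ords/ context root, the combined-log format, the denial threshold and the log lines are all assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed access-log lines (combined log format) for illustration only.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Mar/2026:10:00:01 +0000] "GET /ords/hr/employees/ HTTP/1.1" 200 512
10.0.0.9 - bob [12/Mar/2026:10:01:00 +0000] "GET /ords/hr/employees/ HTTP/1.1" 403 0
10.0.0.9 - bob [12/Mar/2026:10:01:02 +0000] "GET /ords/hr/employees/?x=1 HTTP/1.1" 403 0
10.0.0.9 - bob [12/Mar/2026:10:01:05 +0000] "DELETE /ords/hr/employees/42 HTTP/1.1" 200 0
10.0.0.7 - carol [12/Mar/2026:10:02:00 +0000] "GET /static/logo.png HTTP/1.1" 200 900
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)
ORDS_PREFIX = "/ords/"          # assumed ORDS context root; adjust per deployment
DENIED = {401, 403}             # access-control denials
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}

def parse(lines):
    """Yield one dict per well-formed log line; unparsable lines are skipped."""
    for line in lines.splitlines():
        m = LOG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["status"] = int(ev["status"])
            yield ev

def find_suspicious(lines, min_denials=2):
    """Per (src, user), report a 2xx response on an ORDS resource that follows
    at least min_denials denied attempts; flag whether the call was mutating."""
    denials = defaultdict(int)
    alerts = []
    for ev in parse(lines):
        if not ev["path"].startswith(ORDS_PREFIX):
            continue
        key = (ev["src"], ev["user"])
        if ev["status"] in DENIED:
            denials[key] += 1
        elif 200 <= ev["status"] < 300 and denials[key] >= min_denials:
            alerts.append({**ev, "prior_denials": denials[key],
                           "mutating": ev["method"] in MUTATING})
            denials[key] = 0        # reset so one burst yields one alert
    return alerts

if __name__ == "__main__":
    for a in find_suspicious(SAMPLE_LOG):
        print(f"{a['src']} {a['user']} {a['method']} {a['path']} "
              f"after {a['prior_denials']} denials (mutating={a['mutating']})")
```

Tune `min_denials` and the status set to the deployment's normal error rate before using the output for alerting.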