{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-46829/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-46829"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["REST Data Services (24.2.0-26.1.0)"],"_cs_severities":["medium"],"_cs_tags":["dos","oracle","rest","CVE-2026-46829"],"_cs_type":"advisory","_cs_vendors":["Oracle"],"content_html":"\u003cp\u003eCVE-2026-46829 describes a vulnerability within the Mongoapi component of Oracle REST Data Services (ORDS). The vulnerability affects versions 24.2.0 through 26.1.0. This easily exploitable flaw allows an unauthenticated attacker with network access via HTTPS to compromise an ORDS instance, resulting in a complete denial-of-service condition. Successful exploitation leads to a hang or frequent repeatable crash of the ORDS service, impacting availability. This vulnerability poses a risk to organizations relying on ORDS for RESTful access to Oracle databases, potentially disrupting critical applications and services.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Oracle REST Data Services instance exposed over HTTPS.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTPS request targeting the Mongoapi component.\u003c/li\u003e\n\u003cli\u003eThe crafted request exploits a flaw in the Mongoapi component related to handling of requests.\u003c/li\u003e\n\u003cli\u003eThe vulnerable code path within Mongoapi is triggered by the malicious request.\u003c/li\u003e\n\u003cli\u003eThe exploited code path leads to excessive resource consumption within the ORDS process.\u003c/li\u003e\n\u003cli\u003eThe excessive resource consumption causes the ORDS service to become unresponsive.\u003c/li\u003e\n\u003cli\u003eThe ORDS service either hangs indefinitely or crashes repeatedly.\u003c/li\u003e\n\u003cli\u003eLegitimate users are unable to access data and services provided by the ORDS instance, resulting in a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-46829 results in a complete denial of service. This means that the Oracle REST Data Services instance becomes unavailable, disrupting any applications or services that rely on it. The vulnerability allows unauthenticated remote attackers to crash the service, causing downtime and potential data access issues. The severity of the impact will depend on the criticality of the affected ORDS instance.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the latest patch or upgrade to a non-vulnerable version of Oracle REST Data Services to remediate CVE-2026-46829.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious HTTPS requests targeting the Mongoapi component of Oracle REST Data Services using the \u0026quot;Detect CVE-2026-46829 Exploitation Attempt\u0026quot; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on the ORDS instance to mitigate potential denial-of-service attacks.\u003c/li\u003e\n\u003cli\u003eReview access controls and network segmentation to limit exposure of Oracle REST Data Services instances.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T21:21:25Z","date_published":"2026-05-28T21:21:25Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46829-ords-dos/","summary":"An unauthenticated attacker with network access via HTTPS can exploit CVE-2026-46829 in Oracle REST Data Services versions 24.2.0 through 26.1.0, leading to a denial of service.","title":"CVE-2026-46829: Oracle REST Data Services Unauthenticated Denial of Service","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46829-ords-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - CVE-2026-46829","version":"https://jsonfeed.org/version/1.1"}