{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/rest-data-services/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-35277"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["REST Data Services (Core)"],"_cs_severities":["high"],"_cs_tags":["cve","oracle","rest data services","data breach"],"_cs_type":"advisory","_cs_vendors":["Oracle"],"content_html":"\u003cp\u003eCVE-2026-35277 is a security vulnerability affecting Oracle REST Data Services (ORDS), specifically the Core component. The vulnerability impacts versions 24.2.0 through 26.1.0. A low-privileged attacker with network access via HTTPS can exploit this vulnerability, potentially gaining unauthorized access to critical data or modifying ORDS accessible data. This could lead to significant data breaches, data manipulation, or service disruption. Successful exploitation allows attackers to create, delete, or modify critical data or all accessible data. It also allows unauthorized access to critical data or complete access to all accessible data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains network access to the target Oracle REST Data Services instance via HTTPS.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the ORDS instance with low-privileged credentials.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTPS request, exploiting the vulnerability in the Core component. This request bypasses access controls.\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent to the vulnerable ORDS endpoint.\u003c/li\u003e\n\u003cli\u003eThe ORDS Core component processes the request without proper authorization checks due to the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive data within the ORDS instance.\u003c/li\u003e\n\u003cli\u003eThe attacker may create, modify, or delete data based on the level of access gained.\u003c/li\u003e\n\u003cli\u003eThe attacker may exfiltrate data or use the compromised ORDS instance to pivot to other internal systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35277 can lead to significant data breaches, data manipulation, and service disruption. An attacker could gain unauthorized access to critical data stored within Oracle REST Data Services, potentially impacting confidentiality and integrity. The vulnerability allows attackers to create, delete, or modify sensitive information, leading to potential financial loss, reputational damage, and compliance violations. The CVSS 3.1 base score is 8.1, indicating a high severity level.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the latest security patches released by Oracle to address CVE-2026-35277 on affected Oracle REST Data Services instances (versions 24.2.0 to 26.1.0).\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to restrict network access to Oracle REST Data Services instances, mitigating the risk of remote exploitation.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2026-35277 Exploitation Attempt via Malicious ORDS Request\u003c/code\u003e to identify potentially malicious requests targeting the ORDS Core component.\u003c/li\u003e\n\u003cli\u003eReview and enforce strict access control policies for Oracle REST Data Services to minimize the impact of successful exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T21:19:30Z","date_published":"2026-05-28T21:19:30Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-35277-ords/","summary":"CVE-2026-35277 is a vulnerability in Oracle REST Data Services (Core) versions 24.2.0 to 26.1.0 that allows a low-privileged attacker with network access via HTTPS to compromise the system, leading to unauthorized data access, creation, deletion, or modification.","title":"CVE-2026-35277: Oracle REST Data Services Vulnerability Allows Unauthorized Data Access","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-35277-ords/"}],"language":"en","title":"CraftedSignal Threat Feed - Rest Data Services","version":"https://jsonfeed.org/version/1.1"}