<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Rest - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/rest/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 28 May 2026 21:21:25 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/rest/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-46829: Oracle REST Data Services Unauthenticated Denial of Service</title><link>https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46829-ords-dos/</link><pubDate>Thu, 28 May 2026 21:21:25 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46829-ords-dos/</guid><description>An unauthenticated attacker with network access via HTTPS can exploit CVE-2026-46829 in Oracle REST Data Services versions 24.2.0 through 26.1.0, leading to a denial of service.</description><content:encoded><![CDATA[<p>CVE-2026-46829 describes a vulnerability within the Mongoapi component of Oracle REST Data Services (ORDS). The vulnerability affects versions 24.2.0 through 26.1.0. This easily exploitable flaw allows an unauthenticated attacker with network access via HTTPS to compromise an ORDS instance, resulting in a complete denial-of-service condition. Successful exploitation leads to a hang or frequent repeatable crash of the ORDS service, impacting availability. This vulnerability poses a risk to organizations relying on ORDS for RESTful access to Oracle databases, potentially disrupting critical applications and services.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker identifies a vulnerable Oracle REST Data Services instance exposed over HTTPS.</li>
<li>The attacker crafts a malicious HTTPS request targeting the Mongoapi component.</li>
<li>The crafted request exploits a flaw in the Mongoapi component related to handling of requests.</li>
<li>The vulnerable code path within Mongoapi is triggered by the malicious request.</li>
<li>The exploited code path leads to excessive resource consumption within the ORDS process.</li>
<li>The excessive resource consumption causes the ORDS service to become unresponsive.</li>
<li>The ORDS service either hangs indefinitely or crashes repeatedly.</li>
<li>Legitimate users are unable to access data and services provided by the ORDS instance, resulting in a denial of service.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-46829 results in a complete denial of service. This means that the Oracle REST Data Services instance becomes unavailable, disrupting any applications or services that rely on it. The vulnerability allows unauthenticated remote attackers to crash the service, causing downtime and potential data access issues. The severity of the impact will depend on the criticality of the affected ORDS instance.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the latest patch or upgrade to a non-vulnerable version of Oracle REST Data Services to remediate CVE-2026-46829.</li>
<li>Monitor network traffic for suspicious HTTPS requests targeting the Mongoapi component of Oracle REST Data Services using the &quot;Detect CVE-2026-46829 Exploitation Attempt&quot; Sigma rule.</li>
<li>Implement rate limiting on the ORDS instance to mitigate potential denial-of-service attacks.</li>
<li>Review access controls and network segmentation to limit exposure of Oracle REST Data Services instances.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>dos</category><category>oracle</category><category>rest</category><category>CVE-2026-46829</category></item><item><title>CVE-2026-46840 - Oracle REST Data Services Takeover Vulnerability</title><link>https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46840-ords/</link><pubDate>Thu, 28 May 2026 21:19:02 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46840-ords/</guid><description>CVE-2026-46840 is a critical vulnerability in Oracle REST Data Services (ORDS) that allows an unauthenticated attacker with network access to achieve complete takeover of the service, potentially impacting additional products due to scope change.</description><content:encoded><![CDATA[<p>CVE-2026-46840 is a highly critical vulnerability affecting Oracle REST Data Services (ORDS), specifically the Backend-as-a-Service component. The vulnerability impacts versions 24.2.0 through 26.1.0. An unauthenticated attacker with network access via HTTPS can exploit this flaw to completely compromise an ORDS instance. Successful exploitation leads to full control of the ORDS instance and may also cause significant impact on other products that rely on the compromised ORDS instance due to the scope change aspect of the vulnerability. This presents a substantial risk to organizations utilizing affected versions of Oracle REST Data Services, potentially allowing attackers to gain unauthorized access to sensitive data, modify system configurations, or disrupt critical services.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a vulnerable Oracle REST Data Services instance accessible via HTTPS.</li>
<li>Attacker sends a specially crafted HTTPS request to the vulnerable Backend-as-a-Service component.</li>
<li>The malicious request exploits a flaw within the ORDS application, bypassing authentication checks.</li>
<li>The vulnerability allows the attacker to execute arbitrary code within the ORDS instance.</li>
<li>Attacker leverages the code execution to escalate privileges within the ORDS environment.</li>
<li>Attacker gains complete control over the ORDS instance, achieving full administrative access.</li>
<li>The attacker can now access sensitive data, modify configurations, or disrupt the ORDS service.</li>
<li>Due to the scope change impact, the attacker pivots to compromise other products or services that rely on the now-compromised ORDS instance, expanding the impact of the attack.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-46840 can result in a complete takeover of Oracle REST Data Services. This can lead to unauthorized access to sensitive data, modification of critical system configurations, and disruption of essential services. The vulnerability's potential to impact additional products amplifies the risk, potentially exposing a wider range of systems and data to compromise. Given the CVSS base score of 10.0, the impact is considered critical, affecting confidentiality, integrity, and availability.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the patch provided by Oracle to address CVE-2026-46840 on all affected Oracle REST Data Services instances (versions 24.2.0-26.1.0).</li>
<li>Deploy the Sigma rule &quot;Detect CVE-2026-46840 Exploitation Attempt via Malicious HTTPS Request&quot; to identify exploitation attempts in web server logs.</li>
<li>Implement network segmentation to limit the scope of potential compromise in case of successful exploitation, mitigating the &quot;scope change&quot; impact mentioned in the overview.</li>
<li>Monitor outbound network connections originating from ORDS servers for unusual activity after patching, which could indicate post-exploitation activity.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>oracle</category><category>rds</category><category>rest</category><category>vulnerability</category><category>cve-2026-46840</category><category>takeover</category></item></channel></rss>