Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. The post Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability appeared first on SecurityWeek.
Oracle on Friday issued out-of-band updates to patch a critical vulnerability affecting its Identity Manager and Web Services Manager products.
Oracle Identity Manager is an enterprise identity governance platform that automates user provisioning, deprovisioning, and access management across applications and systems. Oracle Web Services Manager is a policy-driven framework for managing and protecting web services.
Oracle revealed that the products, part of the Fusion Middleware suite, are affected by CVE-2026-21992, a critical vulnerability that can be exploited by an unauthenticated attacker for remote code execution.
Related breach coverage
- Critical Grandstream Phone Vulnerability Exposes Calls to Interception2026-02-21
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges. The post Critical Grandstream Phone Vulnerability Exposes Calls to Interception appeared first on SecurityWeek.
- Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day2025-11-21
CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager. The post Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day appeared first on SecurityWeek.
- CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability2026-03-19
The SharePoint remote code execution vulnerability CVE-2026-20963, which Microsoft patched in January, has been exploited in the wild. The post CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability appeared first on SecurityWeek.
- Critical Vulnerability Exposes n8n Instances to Takeover Attacks2026-01-08
Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication. The post Critical Vulnerability Exposes n8n Instances to Takeover Attacks appeared first on SecurityWeek.