Oracle Identity Manager and Oracle Web Services Manager unauthenticated RCE (CVE-2026-21992)
Vulnerability
Summary
Oracle issued an out-of-band update to fix CVE-2026-21992, a critical unauthenticated remote code execution flaw in Oracle Identity Manager and Oracle Web Services Manager. The issue is remotely exploitable over HTTP with no authentication or user interaction and could lead to RCE on exposed servers. Oracle is strongly recommending immediate patching, while exploitation has not been confirmed.
Related Happenings
Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave
Exploitation Wave
First: 26.03.2026 18:00
Last: 26.03.2026 18:00
Sources 1
About this happening:
**Oracle WebLogic Server** systems faced a rapid **CVE-2026-21962** exploitation wave after public exploit code appeared, creating immediate **RCE risk** for exposed servers. The...
Langflow CVE-2026-33017 exploitation wave
Exploitation Wave
First: 20.03.2026 12:20
Last: 20.03.2026 12:20
Sources 1
About this happening:
**CVE-2026-33017** in **Langflow** is being exploited in a fast-moving **early wave** that surfaced within **20 hours** of the advisory, putting exposed instances at immediate ris...
Cl0p Oracle E-Business Suite zero-day extortion campaign
Campaign
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
About this happening:
The **Cl0p ransomware and extortion group** is running an **Oracle E-Business Suite** extortion campaign that used **zero-day vulnerabilities** to access data from **more than 100...
Sangoma FreePBX web shell exploitation wave (CVE-2025-64328)
Exploitation Wave
First: 27.02.2026 19:59
Last: 27.02.2026 19:59
Sources 1
About this happening:
More than **900 Sangoma FreePBX** instances remain **web-shell infected** after an **ongoing exploitation wave** tied to **CVE-2025-64328**. The affected systems span the **U.S.**...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/Mitigation
First: 20.02.2026 19:02
Last: 20.02.2026 19:02
Sources 1
About this happening:
CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
Timeline
- 20.03.2026 20:48 · 1 article
Oracle releases out-of-band Security Alert for CVE-2026-21992
Mitigation Patch Update: Oracle released an out-of-band Security Alert to fix CVE-2026-21992, a critical unauthenticated remote code execution flaw in Oracle Identity Manager and Oracle Web Services Manager. The update is intended for supported versions of both products, including 12.2.1.4.0 and 14.1.2.1.0, to reduce risk on exposed servers.
Sources:
- Oracle pushes emergency fix for critical Identity Manager RCE flaw — www.bleepingcomputer.com — 20.03.2026 20:48
- 20.03.2026 20:48 · 2 articles
Oracle details critical unauthenticated RCE in Identity Manager and Web Services Manager
Initial Disclosure: Oracle described CVE-2026-21992 as remotely exploitable over HTTP with low complexity, no authentication, and no user interaction, and assigned it a CVSS v3.1 score of 9.8. The advisory says the flaw affects Oracle Identity Manager and Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0, recommends applying updates or mitigations as soon as possible, and says exploitation has not been confirmed.
Sources:
- Oracle pushes emergency fix for critical Identity Manager RCE flaw — www.bleepingcomputer.com — 20.03.2026 20:48
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager — thehackernews.com — 21.03.2026 12:24