PatchSiren cyber security CVE debrief
CVE-2026-35269 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in Oracle Fusion Middleware's Identity Manager product, specifically in the REST WebServices component. The vulnerability, tracked as CVE-2026-35269, has a CVSS score of 7.5 and allows unauthenticated attackers with network access via HTTP to compromise Identity Manager, potentially leading to unauthorized creation, deletion, or modification of critical data. Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should prioritize patching this vulnerability to prevent potential data integrity impacts.
- Vendor
- Oracle Corporation
- Product
- Identity Manager
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Organizations using Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0, should prioritize patching this vulnerability to prevent potential data integrity impacts. Security teams and administrators responsible for Identity Manager deployments should review the official advisory and take immediate action to mitigate the vulnerability.
Technical summary
The vulnerability, tracked as CVE-2026-35269, is easily exploitable and allows unauthenticated attackers with network access via HTTP to compromise Identity Manager. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Identity Manager accessible data. The CVSS 3.1 Base Score is 7.5 (Integrity impacts), with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The vulnerability affects Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0.
Defensive priority
High priority should be given to patching this vulnerability due to its high CVSS score and potential for data integrity impacts.
Recommended defensive actions
- Apply the vendor-provided patch as soon as possible
- Review and update Identity Manager configurations to ensure proper security controls are in place
- Monitor Identity Manager systems for suspicious activity
- Implement compensating controls, such as additional authentication or access controls, if patching is not immediately feasible
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-06-17T10:40:19.130Z and last modified on 2026-06-17T18:55:31.517Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle Fusion Middleware's Identity Manager product, specifically versions 12.2.1.4.0 and 14.1.2.1.0. The REST WebServices component is impacted. Defenders should verify the affected scope and review the official advisory for mitigation guidance.
Official resources
-
CVE-2026-35269 CVE record
CVE.org
-
CVE-2026-35269 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:19.130Z and has not been modified since then. The NVD entry is currently Analyzed.