Zero Day MonitorZDM

← Back to list

5.3

CVE-2026-46842EXPLOITEDPATCHED

oracle · rest data services

CVE-2026-46842: Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. E

Description

Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Affected Products

Vendor	Product	Versions
oracle	rest data services	24.2.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
oracle	rest data services	cert_advisory	90%

References

https://www.oracle.com/security-alerts/cspumay2026.html(vendor-advisory)

Related News (2 articles)

Tier B

BSI Advisories2d ago

[NEU] [hoch] Oracle REST Data Services: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-46842 | Oracle REST Data Services up to 26.1.0 Core improper authorization

→ No new info (linked only)

CVSS 3.15.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://www.oracle.com/security-alerts/cspumay2026.html

PublishedMay 28, 2026

Last enriched2d agov2

Trending Score44

Source articles2

Independent2

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-46817EXP

CVE-2026-46817: Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versi

CRITICALCVE-2026-46840EXP

CVE-2026-46840: Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are

CRITICALCVE-2026-46833

CVE-2026-46833: Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-2

MEDIUMCVE-2026-46841EXP

CVE-2026-46841: Vulnerability in Oracle REST Data Services (component: General). Supported versions that are affected are 24.2.0-26.1.0

MEDIUMCVE-2026-46843EXP

CVE-2026-46843: Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. E

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 28, 2026

Discovered by ZDM

May 28, 2026

Updated: description, severity, activelyExploited

May 28, 2026

Actively Exploited

May 29, 2026

Patch Available

May 29, 2026

Version History

v2

Last enriched 2d ago

v2Tier C2d ago

Updated severity to CRITICAL, changed exploit availability to false, and provided a more detailed description of the vulnerability.

descriptionseverityactivelyExploited

via VulDB

v12d ago

Initial creation