CVE-2026-21992
Description
Referenced in article: Oracle pushes emergency fix for critical Identity Manager RCE flaw
EPSS — Exploit Probability
Higher than 18.2% of all CVEs
Related Articles (4)
Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild.
Mar 23, 2026
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical CVEs to patch.
Mar 23, 2026
Oracle pushes emergency fix for critical Identity Manager RCE flaw
Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992.
Mar 20, 2026
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.
Mar 21, 2026
Risk Assessment
STANDARDNo elevated risk factors detected.
Details
- Severity
- Info
- EPSS
- 0.1%
- CISA KEV
- No
- Articles
- 4
Timeline
Published
Mar 28, 2026