Oracle has launched safety updates to handle a vital safety flaw impacting Id Supervisor and Net Providers Supervisor that could possibly be exploited to attain distant code execution.
The vulnerability, tracked as CVE-2026-21992, carries a CVSS rating of 9.8 out of a most of 10.0.
“This vulnerability is remotely exploitable with out authentication,” Oracle stated in an advisory. “If efficiently exploited, this vulnerability could end in distant code execution.”
CVE-2026-21992 impacts the next variations –
- Oracle Id Supervisor variations 12.2.1.4.0 and 14.1.2.1.0
- Oracle Net Providers Supervisor variations 12.2.1.4.0 and 14.1.2.1.0
In response to an outline of the flaw within the NIST Nationwide Vulnerability Database (NVD), it is “simply exploitable” and will enable an unauthenticated attacker with community entry through HTTP to compromise Oracle Id Supervisor and Oracle Net Providers Supervisor. This, in flip, may end up in the profitable takeover of prone cases.
Oracle makes no point out of the vulnerability being exploited within the wild. Nonetheless, the tech big has urged prospects to use the replace directly for optimum safety.
In November 2025, the U.S. Cybersecurity and Infrastructure Safety Company (CISA) added CVE-2025-61757 (CVSS rating: 9.8), a pre-authenticated distant code execution flaw impacting Oracle Id Supervisor, to the Identified Exploited Vulnerabilities (KEV) catalog, citing proof of energetic exploitation.
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the most recent breakthroughs, get unique updates, and join with a world community of future-focused thinkers.
Unlock tomorrow’s developments at present: learn extra, subscribe to our e-newsletter, and change into a part of the NextTech neighborhood at NextTech-news.com
