TECHNOLOGYglobal
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Single source
Updated 4 hours ago
First seen March 21, 2026 11:55:45Stay on top of this story
Follow the names and topics behind it.
Add this story's key topics to your watchlist so LyscoNews can highlight related developments and future matches.
Create a free account to sync your watchlist, saved stories, and alerts across devices.
Quick Summary
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. "This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully