Latest Cyber Security News

You are here: Home / General Cyber Security News / Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
March 21, 2026

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution.

The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“This vulnerability is remotely exploitable without authentication,” Oracle said in an advisory. “If successfully exploited, this vulnerability may result in remote code execution.”

CVE-2026-21992 affects the following versions –

  • Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0
  • Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0

Cybersecurity

According to a description of the flaw in the NIST National Vulnerability Database (NVD), it’s “easily exploitable” and could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. This, in turn, can result in the successful takeover of susceptible instances.

Oracle makes no mention of the vulnerability being exploited in the wild. However, the tech giant has urged customers to apply the update without delay for optimal protection.

In November 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-61757 (CVSS score: 9.8), a pre-authenticated remote code execution flaw impacting Oracle Identity Manager, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *