The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.
Dark Reading

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.