Oracle Identity Manager: Out-of-band update against code smuggling vulnerability

Oracle has released an emergency update for Identity Manager and Web Services Manager to close a code smuggling vulnerability ...
The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.
SecurityWeek

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

Oracle issues out-of-band updates to patch CVE-2026-21992, a critical vulnerability in Identity Manager and Web Services ...

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in ...
Dark Reading

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
Computer Weekly

Emergency Microsoft, Oracle patches point to wider cyber issues

Emergency out-of-band patches from Microsoft and Oracle signal underlying security issues around update cycles and patching, ...
Bleeping Computer

Oracle Fixes "Default Account" Issue Rated 10 Out of 10 on Severity Scale

Oracle has released patches for a security issue affecting the Oracle Identity Manager that has received a rare 10 out of 10 score on the CVSSv3 bug severity scale. The giant software maker has ...