Identity-Management

• CVE-2026-21992: Oracle Patches Unauthenticated RCE in Identity Manager and Web Services Manager March 24, 2026

  Oracle issued an out-of-band patch for CVE-2026-21992, a CVSS 9.8 unauthenticated remote code execution flaw in Oracle Identity Manager and Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0. No authentication, network access via HTTP -- full takeover.

• CVE-2026-21992: Oracle Identity Manager RCE -- CVSS 9.8, Patch Available March 24, 2026

  Oracle has released an out-of-band patch for CVE-2026-21992, a critical unauthenticated remote code execution flaw in Identity Manager and Web Services Manager scoring CVSS 9.8. If you're running either product, patching is not optional.