Identity-Management

• Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager March 24, 2026

  Oracle issued an out-of-band emergency patch on March 19 for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE affecting Oracle Identity Manager and Web Services Manager. If your org runs either product on versions 12.2.1.4.0 or 14.1.2.1.0, patching cannot wait for the next quarterly cycle.