The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.
Dark Reading

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992.

Oracle Identity Manager: Out-of-band update against code smuggling vulnerability

Oracle has released an emergency update for Identity Manager and Web Services Manager to close a code smuggling vulnerability ...
Network World

Oracle finds success in the identity sphere

There was big news out of Oracle last week. Not the announcement of Oracle Access Management Suite (relatively big news), but a personnel change that speaks volumes for the success that Oracle has had ...
SDxCentral

Oracle Security Makeover Highlights CASB, Identity Automation

The company calls its new security framework Trust Fabric and says it can help companies predict, prevent, and respond to threats using integrated technologies and automation. The Oracle security ...