The CERT‑FR alert identifies several vulnerabilities in Oracle Database Server (Net Service) versions 23.4.0 through 23.26.2 that could allow attackers to execute arbitrary code and cause remote denial of service. The vulnerabilities were first reported in the Oracle security bulletin cspumay2026 dated 28 May 2026. Affected systems include all Oracle Database Server installations within the specified version range. CERT‑FR recommends applying the patches provided by Oracle as detailed in the vendor’s security bulletin. The specific CVE identifiers associated with these issues are CVE‑2026‑46833, CVE‑2026‑46834, and CVE‑2026‑46835. For further details, consult the Oracle security alert and the CVE records. The alert also notes that the vulnerabilities could be exploited without authentication, posing a significant risk to exposed database services.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.