Oracle pushes emergency fix for critical Identity Manager RCE flaw Oracle released an out-of-band security update to address a critical unauthenticated remote code execution vulnerability tracked as CVE-2026-21992 in Oracle Identity Manager and Oracle Web Services Manager. The flaw is remotely exploitable over HTTP with a CVSS v3.1 score of 9.8, Oracle urges immediate patching for supported versions but declined to comment on whether the vulnerability has been exploited. #OracleIdentityManager #OracleWebServicesManager

Oracle released an emergency patch for CVE-2026-21992, a critical unauthenticated RCE in Identity Manager and Web Services Manager with a 9.8 CVSS score, exploitable remotely over HTTP. #OracleFix #RCEVulnerability #USA