Network Access Vulnerability in Oracle Macaron Tool by Oracle
CVE-2026-35253

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Macaron Tool Of Oracle Open Source Projects
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-35253?

An exploitable vulnerability exists in the Oracle Macaron Tool, which allows unauthenticated attackers with network access via HTTP to bypass host address validation. This issue can lead to unauthorized access and potential compromise of the system. It specifically affects version 0.22.0 of the software, posing significant risks for users relying on this tool for secure operations.

Affected Version(s)

Oracle Macaron Tool of Oracle Open Source Projects v0.22.0

References

https://www.oracle.com/security-alerts/all-oracle-cves-ou...

vendor-advisory

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
Apr 1, 2026

CVE-2026-35253 Data

JSON