Vulnerability in Oracle OCI CLI Product by Oracle Open Source Projects
CVE-2026-35254

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Oci Cli Of Oracle Open Source Projects
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-35254?

A vulnerability has been identified in the Oracle OCI CLI that allows an unauthenticated attacker with network access to manipulate file placements outside of the designated directories. This can lead to unauthorized access and potential compromise of the application. The affected version is 3.77, and it underscores the importance of securing your deployment against external threats. For further details, refer to Oracle's security advisory.

Affected Version(s)

Oracle OCI CLI of Oracle Open Source Projects 3.77.0

References

https://www.oracle.com/security-alerts/all-oracle-cves-ou...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
Apr 1, 2026

CVE-2026-35254 Data

JSON