Oracle Fusion Middleware Identity Manager Connector Vulnerability
CVE-2026-35294

9.9CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-35294?

An access control vulnerability exists in the Identity Manager Connector component of Oracle Fusion Middleware. This flaw enables low-privileged attackers to exploit the Connector via HTTP, potentially compromising it. While the vulnerability is specific to the Identity Manager Connector, successful exploitation could lead to significant impacts on other connected systems, making it imperative for users to secure their installations. The vulnerability affects specific versions: 12.2.1.4.0 and 14.1.2.1.0, necessitating immediate attention from users to reinforce their security measures.

Affected Version(s)

Identity Manager Connector 12.2.1.4.0

Identity Manager Connector 14.1.2.1.0

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.