EUVD-2026-27532
GHSA-j8g2-w9r2-vfj2
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation.
AnalysisAI
Oracle Macaron Tool v0.22.0 fails to properly validate host addresses in HTTP requests, allowing unauthenticated remote attackers to cause information disclosure through crafted network traffic. The vulnerability requires user interaction (UI:R) and affects the confidentiality of the tool's host validation mechanism. …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Remote takeover of Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated attackers to c
Takeover of Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 is achievable by a low-privileged remote att
Account takeover in Oracle iAssets (part of Oracle E-Business Suite versions 12.2.3 through 12.2.15) allows a low-privil
Account takeover in Oracle Universal Work Queue (component: Work Provider Site Level Administration) within Oracle E-Bus
Privilege escalation to full takeover in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows a low-pr
Share
External POC / Exploit Code
Leaving vuln.today