Is Oracle affected by EUVD-2026-12665?

A critical vulnerability (CVSS 9.8) in Oracle Edge Cloud Infrastructure Designer affects version 0.3.0, allowing unauthenticated attackers to gain complete control of the application via network access.

EUVD-2026-12665

| CVE-2026-21994 CRITICAL

2026-03-17 oracle

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 17, 2026 - 23:02 euvd

EUVD-2026-12665

Analysis Generated

Mar 17, 2026 - 23:02 vuln.today

CVE Published

Mar 17, 2026 - 22:43 nvd

CRITICAL 9.8

Description

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of this vulnerability can result in takeover of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Analysis

This is a critical unauthenticated remote code execution vulnerability in Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit version 0.3.0. An attacker with network access via HTTP can completely take over the affected system without any authentication, privileges, or user interaction required. …

Remediation

Within 24 hours: Identify all instances of version 0.3.0 in production and development environments; isolate affected systems from untrusted networks if possible. Within 7 days: Implement network-level access controls (restrict HTTP access to authorized users/IPs only); deploy WAF rules to block suspicious requests; escalate with Oracle for patch timeline. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: 0

EUVD-2026-12665 vulnerability details – vuln.today

Back

EUVD-2026-12665

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-12665

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code