Skip to main content

Oracle Unified Directory

3 CVEs product

Monthly

CVE-2026-46776 HIGH This Week

Unauthenticated LDAP-based compromise of Oracle Unified Directory 12.2.1.4.0 and 14.1.2.1.0 allows remote attackers to create, delete, or modify critical directory data, read a subset of directory data, and trigger a partial denial of service. The flaw resides in the OUD Core component and was disclosed in Oracle's June 2026 Critical Patch Update with a CVSS 3.1 base score of 8.6; no public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Oracle Oracle Unified Directory Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2026-46774 CRITICAL Act Now

Remote takeover of Oracle Unified Directory 12.2.1.4.0 and 14.1.2.1.0 is possible via the OUD Core component's RMI interface, allowing unauthenticated network attackers to fully compromise the LDAP directory service. Oracle rates this CVSS 9.8 with confidentiality, integrity, and availability impacts; no public exploit identified at time of analysis and it is not currently listed in CISA KEV, but the RMI attack surface and trivial complexity make it a high-priority patching target.

Oracle Oracle Unified Directory Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-46773 CRITICAL Act Now

Unauthenticated LDAP-based takeover of Oracle Unified Directory affects supported versions 12.2.1.4.0 and 14.1.2.1.0 within Oracle Fusion Middleware, allowing a remote attacker with network reachability to the LDAP service to fully compromise the directory server. The flaw carries a CVSS 3.1 base score of 9.8 with high confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. Because directory services underpin enterprise identity, successful exploitation cascades into authentication and authorization decisions for every downstream application that relies on OUD.

Oracle Oracle Unified Directory Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
EPSS 0% CVSS 8.6
HIGH This Week

Unauthenticated LDAP-based compromise of Oracle Unified Directory 12.2.1.4.0 and 14.1.2.1.0 allows remote attackers to create, delete, or modify critical directory data, read a subset of directory data, and trigger a partial denial of service. The flaw resides in the OUD Core component and was disclosed in Oracle's June 2026 Critical Patch Update with a CVSS 3.1 base score of 8.6; no public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Oracle Oracle Unified Directory +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote takeover of Oracle Unified Directory 12.2.1.4.0 and 14.1.2.1.0 is possible via the OUD Core component's RMI interface, allowing unauthenticated network attackers to fully compromise the LDAP directory service. Oracle rates this CVSS 9.8 with confidentiality, integrity, and availability impacts; no public exploit identified at time of analysis and it is not currently listed in CISA KEV, but the RMI attack surface and trivial complexity make it a high-priority patching target.

Oracle Oracle Unified Directory Authentication Bypass
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unauthenticated LDAP-based takeover of Oracle Unified Directory affects supported versions 12.2.1.4.0 and 14.1.2.1.0 within Oracle Fusion Middleware, allowing a remote attacker with network reachability to the LDAP service to fully compromise the directory server. The flaw carries a CVSS 3.1 base score of 9.8 with high confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. Because directory services underpin enterprise identity, successful exploitation cascades into authentication and authorization decisions for every downstream application that relies on OUD.

Oracle Oracle Unified Directory Authentication Bypass
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy