Skip to main content

Oracle Virtual Directory

1 CVEs product

Monthly

CVE-2026-35312 CRITICAL Act Now

Remote unauthenticated takeover of Oracle Virtual Directory 12.2.1.4.0 and 14.1.2.0.0 is possible via crafted LDAP traffic, yielding full confidentiality, integrity, and availability impact (CVSS 9.8). The flaw lives in the Virtual Directory Server component of Oracle Fusion Middleware and is described by Oracle as easily exploitable over the network with no authentication or user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Oracle Virtual Directory Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote unauthenticated takeover of Oracle Virtual Directory 12.2.1.4.0 and 14.1.2.0.0 is possible via crafted LDAP traffic, yielding full confidentiality, integrity, and availability impact (CVSS 9.8). The flaw lives in the Virtual Directory Server component of Oracle Fusion Middleware and is described by Oracle as easily exploitable over the network with no authentication or user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Oracle Virtual Directory Authentication Bypass
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy