ZDI-CAN-28806
HIGH 7.5
Upcoming
Mar 25, 2026
Oracle
Oracle, a major software and cloud services provider, has a pending high-severity vulnerability (CVSS 7.5). Exploitation requires local access and high-level privileges, but a successful attack can compromise confidentiality, integrity, and availability across trust boundaries (scope changed, S:C). Attack complexity is high and, per the CVSS vector, no user interaction is required (UI:N); the complexity and privilege requirements limit practical exploitability despite the high impact potential. Security teams should monitor the July 23, 2026 deadline for Oracle's patch and prioritize updates for systems where administrative users may be compromised or untrusted.
Advisory Details
Researcher: VMBreakers (SANGBIN KIM, GANGMIN KIM, Un3xploitable)
Reported: March 25, 2026
Deadline: July 23, 2026
CVSS Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H