216.73.217.126

CVE-2026-35254

· Published 06/05/2026 08:16 · Modified 06/05/2026 20:30

Labels: CVE-2026-35254 2026-05-06CVE-2026-35254CWE-22[email protected]

Essential information

Published
06/05/2026 08:16
Modified
06/05/2026 20:30
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

CVSS metrics

Description

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
oracle / cloud infrastructure cli cpe:2.3:a:oracle:cloud_infrastructure_cli:3.77:*:*:*:*:*:*:*

References