Oracle Issues Rare Emergency Patch for Critical Pre-Auth RCE in Identity Manager as Second Out-of-Band Fix in Four Months Signals Persistent Middleware Risk
Oracle releases out-of-band patch for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE flaw in Identity Manager and Web Services Manager, just months after a similar vulnerability was actively exploited in the wild.
4 min read3 sources