CVE-2026-35254

MEDIUM

6.1

Descripcion

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.

Detalles CVE

Puntuacion CVSS v3.16.1

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado5/6/2026

Ultima modificacion5/6/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

oracle:cloud_infrastructure_cli

Debilidades (CWE)

CWE-22

Referencias

https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html(secalert_us@oracle.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.