# CVE-2026-21992

> Critical remote code execution vulnerability in Oracle Fusion Middleware affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw enables unauthenticated remote attackers with network access via HTTP to achieve complete system compromise due to missing authentication for critical functions in the REST WebServices component.

- **CVSS:** 9.8 (CRITICAL)
- **EPSS:** 0.1%
- **CWE:** CWE-306

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-21992
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp