{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21994", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2026-01-05T18:07:34.718Z", "datePublished": "2026-03-17T22:43:25.418Z", "dateUpdated": "2026-03-18T14:33:31.192Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-03-18T03:29:55.955Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of this vulnerability can result in takeover of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit", "versions": [{"version": "0.3.0", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:edge_cloud_infrastructure_designer_and_visualisation_toolkit:0.3.0:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of this vulnerability can result in takeover of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}], "references": [{"url": "https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:32:21.148859Z", "id": "CVE-2026-21994", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:33:31.192Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21994", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-18T14:32:21.148859Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:33:26.445Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit", "versions": [{"status": "affected", "version": "0.3.0", "versionType": "semver"}]}], "references": [{"url": "https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of this vulnerability can result in takeover of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of this vulnerability can result in takeover of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit."}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:edge_cloud_infrastructure_designer_and_visualisation_toolkit:0.3.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-03-18T03:29:55.955Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21994", "state": "PUBLISHED", "dateUpdated": "2026-03-18T14:33:31.192Z", "dateReserved": "2026-01-05T18:07:34.718Z", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2026-03-17T22:43:25.418Z", "assignerShortName": "oracle"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of this vulnerability can result in takeover of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit de Oracle Open Source Projects (componente: Desktop). La versi\u00f3n soportada que est\u00e1 afectada es 0.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso de red v\u00eda HTTP comprometer Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Los ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Puntuaci\u00f3n Base CVSS 3.1 9.8 (impactos en Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}], "id": "CVE-2026-21994", "lastModified": "2026-03-18T15:16:27.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secalert_us@oracle.com", "type": "Secondary"}]}, "published": "2026-03-17T23:16:17.310", "references": [{"source": "secalert_us@oracle.com", "url": "https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.3.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}]}, "product": "edge_cloud_infrastructure_designer_and_visualisation_toolkit", "vendor": "oracle"}], "analysis": {"en": {"generated_at": "2026-03-18T16:23:45.690111+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch for Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit as soon as it is released.", "If a patch is not yet available, restrict HTTP access to the product to trusted IP ranges or disable HTTP exposure completely.", "Monitor system and application logs for suspicious activity, especially for anomalous HTTP requests.", "Regularly review Oracle security alerts and updates to ensure timely patch deployment."], "summary": {"action": "Patch ASAP", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected vendor: Oracle Corporation. Product: Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit, version 0.3.0 only. The product is part of the Oracle Open Source Projects (component: Desktop).", "description_and_impact": "The vulnerability resides in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit, allowing an unauthenticated attacker with network access via HTTP to completely compromise the application. The impact covers confidentiality, integrity and availability, resulting in full takeover of the product. This is a classic access\u2011control flaw (CWE\u2011284) that gives the attacker complete control over the system without any authentication.", "risk_and_exploitability": "The CVSS v3.1 base score is 9.8, reflecting the severe impact of this flaw. The EPSS score is less than 1%, indicating a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the attack vector is network\u2011based (HTTP) and requires no authentication, making it highly actionable for anyone with internet connectivity to the target."}}}}, "created": "2026-03-18T10:42:37.489279+00:00", "title": "Unauthenticated Remote Code Execution via HTTP in Oracle Edge Cloud Infrastructure Designer 0.3.0", "updated": "2026-03-24T10:54:26.205626+00:00", "vendors": ["oracle", "oracle$PRODUCT$edge_cloud_infrastructure_designer_and_visualisation_toolkit"]}