CVE-2026-35255 | THREATINT

Description

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line Interface product via a malicious environment variable. Successful attacks of this vulnerability can result in Oracle Cloud Native Environment Command Line Interface allowing users to execute arbitrary code.

PUBLISHED Reserved 2026-04-01 | Published 2026-05-06 | Updated 2026-05-06 | Assigner oracle

MEDIUM: 6.6CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Problem types

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line Interface product via a malicious environment variable. Successful attacks of this vulnerability can result in Oracle Cloud Native Environment Command Line Interface allowing users to execute arbitrary code.

Product status

v2.3.2

affected

References

www.oracle.com/...outside-other-oracle-public-documents.html (Oracle Advisory) vendor-advisory

cve.org (CVE-2026-35255)

nvd.nist.gov (CVE-2026-35255)

Download JSON

help @ threatint.eu