By Lawrence Abrams
Publication Date: 2026-03-20 18:48:00
Oracle has released an out-of-band security update to address a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager, tracked as CVE-2026-21992.
Oracle Identity Manager is used to manage identities and access across the enterprise, while Oracle Web Services Manager provides security and administrative controls for web services.
In an advisory published yesterday, Oracle “strongly recommends” its customers apply the patches as quickly as possible.
“This security alert addresses vulnerability CVE-2026-21992 in Oracle Identity Manager and Oracle Web Services Manager. This vulnerability can be exploited remotely without authentication. If successfully exploited, this vulnerability could lead to remote code execution,” the notification said Safety notice.
“Oracle strongly encourages customers to apply any updates or mitigations provided in this security alert as soon as possible. Oracle always encourages customers to stay informed…
%20(1)%20(3).webp?ssl=1 "Oracle releases critical security patch to address 337 vulnerabilities across all product families")
