By John E. Dunn
Publication Date: 2026-06-01 20:44:00
Despite the high CVSS scores for these bugs, patching teams will likely want to start with a number of older but still serious bugs that exploit proof-of-concept (PoC) code allegedly exists: CVE-2025-15467, CVE-2025-58050And CVE-2026-25646 in Oracle Communications Unified Assurance network management and CVE-2026-2332 in Oracle REST Data Services.
All relate to open source components embedded in Oracle products, and one of them, CVE-2025-58050, was first published last August and highlights how long it can take to fix supply chain errors in modern platforms.
Another priority fix should be CVE-2026-46840, with a perfect CVSS score of “10”. This is a vulnerability in the Backend-as-a-Service component of REST Data Services versions 24.2.0 to 26.1.0.
REST Data Services is a gateway that exposes enterprise databases via APIs. This flaw makes this interface easily exploitable by an unauthenticated attacker over HTTPS, resulting in a takeover of the…
