CVE-2026-35254

medium

Description

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.

References

https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html

Details

Source: Mitre, NVD

Published: 2026-05-06

Updated: 2026-05-06

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L