2466970 – (CVE-2026-35254) CVE-2026-35254 Oracle OCI CLI: Oracle OCI CLI: Arbitrary file placement via unauthenticated network access

Bug 2466970 (CVE-2026-35254) - CVE-2026-35254 Oracle OCI CLI: Oracle OCI CLI: Arbitrary file placement via unauthenticated network access

Summary: CVE-2026-35254 Oracle OCI CLI: Oracle OCI CLI: Arbitrary file placement via u...

Keywords:
Status:	NEW
Alias:	CVE-2026-35254
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-06 08:01 UTC by OSIDB Bzimport
Modified:	2026-05-15 12:28 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-06 08:01:37 UTC

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.

Note You need to log in before you can comment on or make changes to this bug.