CVE-2026-35253
MEDIUM
Oracle Macaron Tool v0.22.0 - Unauthenticated Origin Validation Error via HTTP
Title source: llm
Description
Vulnerability in the Oracle Macaron Tool product of Oracle Open Source Projects. The supported version that is affected is v0.22.0. An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation.
References (1)
Core References
Vendor Advisory
Oracle Advisory
https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html
Scores
CVSS v3: 4.7
EPSS: 0.0001
EPSS Percentile: 0.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-346, CWE-601
Status: published
Products (3)
oracle/macaron: 0.22.0
oracle/macoron: 0.22.0
Oracle Corporation/Oracle Macaron Tool of Oracle Open Source Projects: v0.22.0
Published: May 06, 2026
Tracked Since: May 06, 2026