CVE-2026-35254

MEDIUM

Oracle OCI CLI 3.77 - Unauthenticated Path Traversal via File Import

Title source: llm

Description

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported version that is affected is 3.77. Easily exploitable vulnerability allows an unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.

Scores

CVSS v3 6.1
EPSS 0.0002
EPSS Percentile 4.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (2)
oracle/cloud_infrastructure_cli 3.77
Oracle Corporation/Oracle OCI CLI of Oracle Open Source Projects 3.77.0
Published May 06, 2026
Tracked Since May 06, 2026