CVE-2026-35255
MEDIUM
Oracle Cloud Native Environment Command Line Interface - Arbitrary Code Execution
Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported version that is affected is v2.3.2. Easily exploitable vulnerability allows an unauthenticated attacker to compromise the Oracle Cloud Native Environment Command Line Interface product via a malicious environment variable. Successful attacks of this vulnerability can result in Oracle Cloud Native Environment Command Line Interface allowing users to execute arbitrary code.
References (1)
Vendor Advisory: Oracle Advisory
https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html
Scores
CVSS v3: 6.6
EPSS: 0.0004
EPSS Percentile: 12.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (2)
oracle/cloud_native_environment_command_line_interface: 2.3.2
Oracle Corporation/Oracle Cloud Native Environment Command Line Interface: v2.3.2
Published: May 06, 2026
Tracked Since: May 06, 2026