CVE-2026-35228

Published: Mag 05, 2026 Last Modified: Mag 05, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL.

https://www.oracle.com/security-alerts/all-oracle-cves-outs…

https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-pub…

CVE-2026-35228

Description

Iscriviti alla newsletter