CVE-2026-35268 – Oracle Identity Manager & Identity Manager Connector

CVSS 9.9 CRITICAL Critical or Zero Day – Immediate Deployment

“Identity systems sit at the center of trust, making critical vulnerabilities impossible to ignore.”

This patch addresses multiple vulnerabilities in Oracle Identity Manager and Oracle Identity Manager Connector components. The update includes five vulnerabilities affecting Oracle Identity Manager and four vulnerabilities affecting Oracle Identity Manager Connector. These products manage authentication, provisioning, and identity lifecycle operations across enterprise environments, making them high-value targets for attackers.

CVE-2026-46807 has a CVSS score of 9.8, which is Critical severity. CVE-2026-35268 has a CVSS score of 9.9, which is Critical severity. CVE-2026-35265 has a CVSS score of 8.8, which is High severity. CVE-2026-35267 has a CVSS score of 8.8, which is High severity. CVE-2026-35269 has a CVSS score of 7.5, which is High severity.

For Oracle Identity Manager Connector, CVE-2026-35294 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46792 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46793 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46794 has a CVSS score of 9.9, which is Critical severity.

No verified exploitation has been reported for these vulnerabilities. However, the presence of multiple Critical severity vulnerabilities within identity and access management infrastructure significantly increases organizational risk and warrants prompt remediation.

Key Details

Affected Product
Oracle Identity Manager
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-284
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.