CVE-2026-35312 – Oracle Virtual Directory

CVSS 9.8 CRITICAL Critical or Zero Day – Immediate Deployment

“A critical directory vulnerability can undermine the systems that connect users, applications, and data.”

This patch addresses CVE-2026-35312 in Oracle Virtual Directory. The vulnerability affects Oracle's directory virtualization platform, which is commonly used to aggregate, manage, and present identity information from multiple directory sources across enterprise environments.

CVE-2026-35312 has a CVSS score of 9.8, which is Critical severity.

No verified exploitation has been reported. The Critical severity rating makes this a high-priority update for organizations that rely on Oracle Virtual Directory to support authentication, identity management, and directory integration services.

Key Details

Affected Product
Oracle Virtual Directory
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-284
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.