CVE-2026-35313 – Oracle Access Manager

CVSS 9.9 CRITICAL Critical or Zero Day – Immediate Deployment

“Access management weaknesses can put the front door of the enterprise at risk.”

This patch addresses two vulnerabilities in Oracle Access Manager. The update covers CVE-2026-35313 and CVE-2026-35314, affecting a core identity and access control platform used to manage authentication and application access across enterprise environments.

CVE-2026-35313 has a CVSS score of 9.9, which is Critical severity. CVE-2026-35314 has a CVSS score of 7.3, which is High severity.

No verified exploitation has been reported. The Critical severity rating makes this a high-priority update for organizations using Oracle Access Manager, especially where the platform protects business-critical applications and identity workflows.

Key Details

Affected Product
Oracle Access Manager
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-284
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.