Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The company did not say whether the vulnerability has been exploited as a zero-day, but has urged customers to apply the updates or provided mitigations as soon as possible. About CVE-2026-21992 CVE-2026-21992 is caused by missing authentication for a critical function. In Oracle Identity Manager – a solution for provisioning, managing and … More → The post Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) appeared first on Help Net Security.