CVE-2026-35255

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line Interface...

medium 6.6 CVSS 3.1

Published: May 6, 2026

Modified: May 6, 2026

Vendor: Oracle

Product: Cloud Native Environment Command Line Interface

Versions: 2.3.2

Description

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line Interface product via a malicious environment variable. Successful attacks of this vulnerability can result in Oracle Cloud Native Environment Command Line Interface allowing users to execute arbitrary code.

References

https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html

Related CVEs

CVSS Breakdown

Version	3.1
Score	6.6 / 10
Severity	medium

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Weakness (CWE)

CWE-94

Affected Product

Vendor	Oracle
Product	Cloud Native Environment Command Line Interface
Versions	2.3.2