CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracl...

medium 6.1 CVSS 3.1

Published: May 6, 2026

Modified: May 6, 2026

Vendor: Oracle

Versions: 3.77

Description

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.

References

https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html

Related CVEs

CVSS Breakdown

Version	3.1
Score	6.1 / 10
Severity	medium

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Weakness (CWE)

CWE-22

Affected Product

Vendor	Oracle
Product	Cloud Infrastructure Cli
Versions	3.77