cvedb.io
CVE-2026-35255
MEDIUM · CVSS 6.6
EPSS exploitation probability: 0%
Published 2026-05-06T10:16:19.827 · Last modified 2026-06-17T10:40:17.187

Summary

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line Interface product via a malicious environment variable. Successful attacks of this vulnerability can result in Oracle Cloud Native Environment Command Line Interface allowing users to execute arbitrary code.

Affected products

oracle — cloud_native_environment_command_line_interface

Does this affect you?

Add your gear to cvedb and we'll alert you only when oracle ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.