On March 20, 2026, Oracle released fixes for a critical vulnerability in its Fusion Middleware suite affecting Identity Manager and Web Services Manager, tracked as CVE-2026-21992. An unauthenticated remote threat actor can exploit this flaw to achieve remote code execution in low-complexity attacks.
At the time of writing, Oracle has not reported any exploitation of this vulnerability in the wild. Additionally, Arctic Wolf has not identified a publicly available proof-of-concept exploit. Threat actors may target this vulnerability in the future due to its ease of exploitation over the internet and the level of access it could provide. In late 2025, threat actors exploited a zero-day vulnerability in another Fusion Middleware product (Oracle E-Business Suite), using it to conduct a large-scale data theft and extortion campaign attributed to the Cl0p ransomware group.
Recommendation for CVE-2026-21992
Apply Patches
Arctic Wolf strongly recommends that customers apply the patches.
| Product | Component | Affected Version | Patch |
| --- | --- | --- | --- |
| Oracle Identity Manager | REST WebServices | 12.2.1.4.0, 14.1.2.1.0 | |
| Oracle Web Services Manager | Web Services Security | 12.2.1.4.0, 14.1.2.1.0 | |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.




