Oracle Corporation has released an emergency security patch for CVE-2026-21992, a critical vulnerability in Oracle Identity Manager that enables unauthenticated remote code execution and carries a CVSS score of 9.8 out of 10. The flaw affects enterprise identity management systems and was actively exploited within hours of disclosure, indicating coordinated attacker preparation.

The vulnerability exists in the identity verification module, where improper input validation allows malicious actors to inject and execute code remotely without authenticating. Enterprise environments running Oracle Identity Manager versions 12.2.1.3.0 and 12.2.1.4.0 are particularly vulnerable and require immediate patching. Security researchers discovered active exploitation attempts shortly after the vulnerability's disclosure.

The technical details reveal that attackers can completely compromise identity management infrastructure, potentially affecting access controls and authentication systems for thousands of enterprise users. Organizations are advised to immediately apply the emergency patch, implement network segmentation to isolate identity management systems, and monitor for unusual authentication activity.