VDB

GCVE-110-NCSC-2026-28

GCVE-110-NCSC-2026-28
Advisory PublishedCVSS 9.1/10
Vulnetix · Advisory published January 21, 2026
Multiple vulnerabilities across Oracle products, including Middleware, Business Intelligence, and SOA Suite, as well as XMLBeans, expose systems to unauthorized access and denial of service, with CVSS scores ranging from 7.3 to 9.1.

Weaknesses (CWE)

CWE-776Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')CWE-502Deserialization of Untrusted DataCWE-674Uncontrolled RecursionCWE-125Out-of-bounds ReadCWE-20Improper Input ValidationCWE-121Stack-based Buffer Overflow

Risk Scores

CVSS 3.1
9.1/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
Oraclevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›