VDB
GCVE-110-NCSC-2026-28
GCVE-110-NCSC-2026-28
Advisory PublishedCVSS 9.1/10
Multiple vulnerabilities across Oracle products, including Middleware, Business Intelligence, and SOA Suite, as well as XMLBeans, expose systems to unauthorized access and denial of service, with CVSS scores ranging from 7.3 to 9.1.
Weaknesses (CWE)
CWE-776Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')CWE-502Deserialization of Untrusted DataCWE-674Uncontrolled RecursionCWE-125Out-of-bounds ReadCWE-20Improper Input ValidationCWE-121Stack-based Buffer Overflow
Risk Scores
CVSS 3.1
9.1/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Oracle | vers:unknown/* | — | — |
Browse GCVE Records
72,148 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.