Description
Vulnerability in the Oracle Macaron Tool product of Oracle Open Source Projects. The supported version that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation.
Published: 2026-05-06
Score: 4.7 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker with network access via HTTP can exploit a flaw in the Oracle Macaron Tool that causes the host address validation to fail. This failure can lead to a compromise of the tool, allowing the attacker to bypass address checks and potentially manipulate the service. The vulnerability does not explicitly claim remote code execution, but the ability to defeat validation rules may enable further exploitation or unauthorized configuration changes.

Affected Systems

Oracle Macaron Tool, part of Oracle Open Source Projects, version 0.22.0.

Risk and Exploitability

The CVSS score of 4.7 indicates a moderate level of risk. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited exploitation so far. The attack vector is inferred to be network-based via HTTP, meaning any host exposed to the Internet or an internal network could be at risk if the tool is not isolated or patched.

Generated by OpenCVE AI on May 6, 2026 at 08:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Oracle Macaron Tool to a fixed version (if a patch for 0.22.0 is available or a newer release exists).
  • Restrict HTTP access to the Macaron Tool by applying network segmentation or firewall rules so that only trusted hosts can reach it.
  • Where possible, disable or restrict any endpoints affected by the host address validation bypass.


Advisories

No advisories yet.

History

Wed, 06 May 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Oracle Corporation; Oracle Corporation oracle Macaron Tool Of Oracle Open Source Projects
Vendors & Products | | Oracle Corporation; Oracle Corporation oracle Macaron Tool Of Oracle Open Source Projects

Wed, 06 May 2026 07:30:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Oracle Macaron Tool product of Oracle Open Source Projects. The supported version that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation.
References | |
Metrics | | cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-05-06T06:22:28.369Z

Reserved: 2026-04-01T20:03:40.834Z

Link: CVE-2026-35253

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-06T08:16:03.570

Modified: 2026-05-06T08:16:03.570

Link: CVE-2026-35253

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T09:21:15Z

Weaknesses

No weakness.