CISOOnline

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

Despite the high CVSS scores for those bugs, patching teams will probably want to start with a clutch of older but still serious flaws for which proof-of-concept (PoC) exploit code reportedly exists: CVE-2025-15467, CVE-2025-58050, and CVE-2026-25646 in Oracle Communications Unified Assurance network management, and CVE-2026-2332 in Oracle REST Data Services.

All relate to open source components embedded in Oracle products, and one, CVE-2025-58050, was first made public last August, underlining how long it can take to patch supply chain flaws in modern platforms.

Another priority fix should be CVE-2026-46840, with a perfect CVSS rating of 10. It’s a vulnerability in the backend-as-a-service component of REST Data Services versions 24.2.0 through 26.1.0.

REST Data Services is a gateway that exposes corporate databases via APIs. The flaw makes that interface easily exploitable by an unauthenticated attacker over HTTPS and results in a takeover of the gateway, which makes it a high-priority target for attackers.


