CVE-2026-35228 · HIGH 8.7 · EPSS p12.5%

Description

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that are affected are 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL.

Scoring

CVSS 3.1: 8.7 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.22% probability of exploitation · percentile 12.5% · 2026-06-19T12:03:05Z
Published: 2026-05-05
Last modified: 2026-05-05

Underlying weaknesses · 1

CWE-89

References

  1. https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-35266
CVE: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
CVE: CVE-2026-35277
CVE: CVE-2026-21994
CVE: CVE-2026-34291
CVE: CVE-2026-34279
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.