External risk intelligence

Oracle Virtual Directory LDAP Takeover Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-35312

A critical vulnerability in Oracle Virtual Directory could allow unauthenticated attackers with network access via LDAP to take over the system. This impacts identity and data access management capabilities. Confirmation of product reachability and criticality is advised.

Halo Surface Signal: 3

Possible · external exposure

Oracle Virtual Directory is typically used as a middleware component for identity integration and data abstraction. While it utilizes the LDAP protocol and can be exposed to a network, it is generally deployed within internal infrastructure to support backend services rather than being directly exposed to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in Oracle Virtual Directory, a component of Oracle Fusion Middleware. This issue is critical because it can be exploited by an attacker over the network without authentication, potentially leading to a complete takeover of the Oracle Virtual Directory. The broad impact stems from the system's role in managing identity and data access within an organization's infrastructure.

  • Unauthenticated network attackers can fully compromise Oracle Virtual Directory.
  • This impacts core identity and data access management capabilities.
  • Confirm relevance and exposure of Oracle Virtual Directory.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending malicious requests over the network to the Oracle Virtual Directory using the LDAP protocol. Because no authentication is required, an unauthenticated attacker can leverage this exposure to compromise the directory server, potentially leading to a full takeover of the system.

  • Attacker needs network access.
  • Attacker triggers with LDAP requests.
  • Complete takeover of the directory.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in Oracle Virtual Directory could allow an attacker to gain complete control of the directory service. The attacker could exploit this by accessing the service over the network using the LDAP protocol, without needing any prior authentication. This could affect the availability and integrity of the directory service and any data it manages, as the attacker could potentially modify or delete information.

  • Directory service data at risk.
  • Network access via LDAP.
  • Takeover of the service.

Operational Fix

Recommended remediation, mitigation, and detection steps

Oracle Virtual Directory, a component of Oracle Fusion Middleware, is susceptible to a critical vulnerability. Given its role in identity integration and data abstraction, the infrastructure, platform, and security teams are likely responsible for managing this technology. The immediate priority is to identify all instances of the affected product, determine their network reachability and business criticality, and then assign ownership for remediation planning.

  • Infrastructure and Platform teams own resolution.
  • Verify network exposure and business impact.
  • Plan and execute vendor-coordinated updates.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-35312 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This Oracle Virtual Directory vulnerability allows an unauthenticated attacker to take over the product, indicating a potential for authentication bypass that would likely cause a PCI ASV scan to fail.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.


Frequently asked questions

What is Oracle Virtual Directory?

Oracle Virtual Directory is a middleware component within Oracle Fusion Middleware. It acts as an abstraction layer that integrates various identity data sources, allowing applications to view and manage fragmented directory information as if it were a single, unified source.

What does CWE-284 mean for CVE-2026-35312?

CWE-284 refers to Improper Access Control. In the context of CVE-2026-35312, this indicates that the software fails to properly restrict access to its core functions. Consequently, an unauthenticated user can bypass security protections to gain unauthorized control over the directory server.

How is this vulnerability triggered?

An attacker triggers this vulnerability by sending specially crafted LDAP requests over the network. Because the system lacks proper authentication checks, it accepts these malicious requests directly. Note that this flaw does not require the attacker to have valid login credentials or prior session access to the target system.

Do I need to worry about this if my server is internal?

Yes, even if your server is not on the public internet. According to Halo Surface Signal, this component is typically deployed within internal infrastructure. However, any attacker who has gained a foothold inside your network—or has access to the internal network segments where the directory resides—can still reach and exploit the service.

How should I respond to this vulnerability?

Your first step is to conduct an inventory to identify all instances of Oracle Virtual Directory running versions 12.2.1.4.0 or 14.1.2.0.0. Once identified, evaluate the network reachability for each instance and coordinate with your infrastructure and platform teams to prioritize remediation planning according to official vendor guidance.
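The inventory and reachability steps above can be combined into one triage pass. The following is an added example, not code from Halo or Oracle. The CSV layout, the listener port 6501, the priority scheme, and the function names are assumptions for illustration.

```python
import csv
import io
import socket

# Affected versions exactly as listed in the FAQ answer above.
AFFECTED_VERSIONS = {"12.2.1.4.0", "14.1.2.0.0"}

# Constructed sample inventory (RFC 5737 documentation addresses; the ports,
# zones and the 11.1.1.9.0 entry are illustrative assumptions).
SAMPLE_INVENTORY = """host,ldap_port,version,zone
192.0.2.10,6501,12.2.1.4.0,dmz
192.0.2.11,6501,14.1.2.0.0,internal
192.0.2.12,6501,11.1.1.9.0,internal
"""


def ldap_port_reachable(host, port, timeout=2.0):
    """TCP connect only; no LDAP request is sent to the listener."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(inventory_csv, probe=ldap_port_reachable):
    """Rank instances: 1 = affected and reachable from this vantage point,
    2 = affected but not reachable from here (other segments may still
    reach it), 3 = version not on the affected list (confirm with vendor)."""
    results = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        version = rec["version"].strip()
        affected = version in AFFECTED_VERSIONS
        # Only probe instances that need a decision, to limit scan noise.
        reachable = affected and probe(rec["host"], int(rec["ldap_port"]))
        priority = 1 if reachable else 2 if affected else 3
        results.append({"host": rec["host"], "zone": rec["zone"],
                        "version": version, "affected": affected,
                        "reachable": reachable, "priority": priority})
    return sorted(results, key=lambda r: (r["priority"], r["host"]))


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row)
```

Run it from each network segment of interest: a priority 2 result only means the listener was not reachable from that vantage point, and the instance still needs the vendor update.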
