External risk intelligence

Oracle Unified Directory LDAP Takeover Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-46773

A critical vulnerability exists in Oracle Unified Directory, allowing unauthenticated network attackers to potentially take over the directory service. This could impact confidentiality, integrity, and availability. The relevance and exposure of this product within our environment need to be confirmed.

Halo Surface Signal

Likely · external exposure


Oracle Unified Directory is an identity management and directory service. While LDAP is often used internally, directory services are frequently exposed to support remote authentication, federated identity, and cross-network service integration, making internet or wide-area network reachability a common deployment pattern for this type of infrastructure.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in Oracle Unified Directory, a component of Oracle Fusion Middleware. This issue, if exploited by an unauthenticated attacker with network access, could lead to a complete takeover of the directory service, impacting confidentiality, integrity, and availability with a high severity score. The main concern at this time is confirming the relevance and exposure of this product within our environment.

  • Unauthenticated network access can fully compromise this directory service.
  • It's a critical flaw impacting core identity and directory functions.
  • Confirm Oracle Unified Directory relevance and assess exposure.

Attack Path

How an attacker could exploit the issue

An attacker could gain access to Oracle Unified Directory by leveraging its network accessibility through the LDAP protocol, even without prior authentication. This exposure allows them to target the OUD Core component, potentially leading to a complete compromise of the directory service.

  • Network access via LDAP required.
  • Unauthenticated attacker can trigger.
  • Complete takeover of the directory.

Live Threat

Current exploitation, exposure, and threat context

An unauthenticated attacker with network access could compromise Oracle Unified Directory by exploiting this vulnerability through LDAP, potentially leading to a complete takeover of the directory service.

  • Directory service data at risk.
  • Unauthenticated network access via LDAP.
  • Complete takeover of the directory.

Operational Fix

Recommended remediation, mitigation, and detection steps

Teams responsible for Oracle Unified Directory (OUD) infrastructure and the applications it supports should prioritize understanding the scope of this critical vulnerability. The first practical step is to identify all OUD instances, assess their network accessibility and business criticality, and confirm ownership. This will inform a risk-based remediation plan, potentially involving coordination with Oracle and application stakeholders.

  • Application and infrastructure owners should manage remediation.
  • Verify OUD instances and their network exposure.
  • Plan remediation based on business criticality.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-46773 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows an unauthenticated attacker to compromise Oracle Unified Directory, which could lead to a scan failure during PCI assessments.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.


Frequently asked questions

What is Oracle Unified Directory?

Oracle Unified Directory is a component of Oracle Fusion Middleware that functions as an identity management and directory service. It acts as a central repository for user information, credentials, and configuration data. Organizations use it to centralize how applications and services authenticate users, manage identity profiles, and integrate directory data across complex enterprise networks.

How does CVE-2026-46773 impact security?

This vulnerability is classified as an improper access control issue, represented by CWE-284. It signifies that the software does not correctly restrict unauthorized actions. In the context of CVE-2026-46773, this flaw allows an attacker to bypass authentication mechanisms entirely, granting them the ability to compromise the system and potentially take full control over the directory service and the sensitive data it manages.

Can any network user trigger this vulnerability?

An attacker must have network access to the directory service to attempt exploitation, specifically via the LDAP protocol. The vulnerability is triggered by sending malicious requests that the OUD Core component fails to properly validate. Simply being on the same network is a prerequisite; local access or user interaction is not required, as the flaw resides in how the service handles unauthenticated network traffic.

Is my Oracle Unified Directory installation at risk?

Halo Surface Signal indicates that while directory services are often kept on internal networks, they are frequently reachable via wide-area networks or the internet to support remote authentication and federated identity. You should care if your instances are accessible beyond your local segment, as this network reachability makes them prime targets for the unauthenticated access described in this CVE.

What should I do first to address this CVE?

Your priority is to establish visibility. Begin by performing an inventory of all Oracle Unified Directory instances within your environment. Document their network reachability and the applications relying on them, and identify the owners responsible for each. Once you have a clear map of where the software is deployed and how it is exposed to the network, you can coordinate with your teams to plan for necessary security updates or configuration changes.
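The inventory step described in this answer and under Operational Fix can be turned into an ordered remediation list. The sketch below is an added example, not code from Halo or Oracle: the CSV columns, host names, owners and the ranking scheme are hypothetical, and the sample rows are constructed. It classifies each LDAP listener address, ranks instances by exposure and then business criticality, and records what still has to be confirmed.

```python
import csv
import io
import ipaddress

# Constructed sample inventory; hosts, owners and column names are hypothetical.
SAMPLE_INVENTORY = """host,listen_addr,criticality,owner
oud-auth-01,203.0.113.10,high,identity-team
oud-hr-02,10.20.4.15,medium,
oud-lab-03,127.0.0.1,low,platform-team
oud-fed-04,0.0.0.0,medium,identity-team
oud-core-05,10.20.1.5,high,identity-team
"""

# RFC 1918 (IPv4) and RFC 4193 (IPv6 unique local) private ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Lower rank = remediate earlier. Wildcard binds rank with external
# listeners until someone confirms which interfaces are actually reachable.
EXPOSURE_RANK = {"external": 0, "unconfirmed": 0, "internal": 1, "local-only": 2}
CRITICALITY_RANK = {"high": 0, "medium": 1, "low": 2}


def classify_exposure(listen_addr):
    """Map an LDAP listener address to a coarse exposure class."""
    addr = ipaddress.ip_address(listen_addr)
    if addr.is_unspecified:          # 0.0.0.0 or :: binds every interface
        return "unconfirmed"
    if addr.is_loopback:
        return "local-only"
    if any(addr in net for net in PRIVATE_NETS):
        return "internal"            # still check NAT and WAN routing
    return "external"


def build_plan(inventory_csv):
    """Return inventory rows ordered for remediation, with open questions."""
    plan = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        exposure = classify_exposure(row["listen_addr"].strip())
        gaps = []
        if not row["owner"].strip():
            gaps.append("owner not confirmed")
        if exposure == "unconfirmed":
            gaps.append("wildcard bind: confirm reachable interfaces")
        plan.append({"host": row["host"], "exposure": exposure,
                     "criticality": row["criticality"], "gaps": gaps})
    plan.sort(key=lambda r: (EXPOSURE_RANK[r["exposure"]],
                             CRITICALITY_RANK[r["criticality"]], r["host"]))
    return plan
```

A private listener address is only a starting point: an instance classed as internal can still be published through NAT or reachable over a wide-area link, so firewall and routing review remains part of the exposure assessment.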
