What is CVE-2026-35254?

CVE-2026-35254 is a medium-severity vulnerability in Oracle Cloud_infrastructure_cli, classified under Path Traversal. CVSS score: 6.1/10. Published 2026-05-06.

How severe is CVE-2026-35254?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Path Traversal in Oracle Cloud_infrastructure_cli

CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (4.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L.

Affected products

Oracle Cloud_infrastructure_cli — versions 3.77
Oracle Corporation Oci Cli Of Open Source Projects — versions 3.77.0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

Oracle Advisory (vendor-advisory, Not Applicable)

Frequently asked questions

What is CVE-2026-35254?: CVE-2026-35254 is a medium-severity vulnerability in Oracle Cloud_infrastructure_cli, classified under Path Traversal. CVSS score: 6.1/10. Published 2026-05-06.
How severe is CVE-2026-35254?: Medium severity. CVSS v3 base score is 6.1 out of 10.