Oracle vulnerability (CVE-2026-21992) impacts core products

**Executive Summary:** Oracle disclosed a critical CVE-2026-21992 (CVSS 9.8) impacting Oracle Identity Manager and Oracle Web Services Manager that permits unauthenticated remote code execution via HTTP because key functions lack network-level authentication; no active exploitation has been reported and customers are advised to identify affected components and apply patches.