PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46770 Oracle Corporation CVE debrief

CVE-2026-46770 is a medium-severity vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Security Framework). The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Development Framework (ADF), attacks may significantly impact additional products (scope change). The vulnerability affects versions 12.2.1.4.0 and 14.1.2.0.0 of Oracle Application Development Framework (ADF).

Vendor
Oracle Corporation
Product
Oracle Application Development Framework (ADF)
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Users of Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0 should apply patches or mitigations provided by Oracle Corporation. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the risk and apply necessary mitigations.

Technical summary

CVE-2026-46770 is a vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Development Framework (ADF), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Development Framework (ADF) accessible data as well as unauthorized read access to a subset of Oracle Application Development Framework (ADF) accessible data.

Defensive priority

Apply patches or mitigations provided by Oracle Corporation.

Recommended defensive actions

  • Apply patches or mitigations provided by Oracle Corporation.
  • Restrict network access to Oracle Application Development Framework (ADF).
  • Monitor for suspicious activity.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-06-17T10:53:54.527Z and was last modified on 2026-06-18T20:24:17.187Z. The source of this information is the NVD and CVE.org. The evidence is limited to publicly available data and may not reflect the full scope of the vulnerability. Defenders should verify the affected scope and vendor guidance with Oracle Corporation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:54.527Z and has not been modified since then.