PatchSiren cyber security CVE debrief
CVE-2026-46770 Oracle Corporation CVE debrief
CVE-2026-46770 is a medium-severity vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Security Framework). The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Development Framework (ADF), attacks may significantly impact additional products (scope change). The vulnerability affects versions 12.2.1.4.0 and 14.1.2.0.0 of Oracle Application Development Framework (ADF).
- Vendor
- Oracle Corporation
- Product
- Oracle Application Development Framework (ADF)
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Users of Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0 should apply patches or mitigations provided by Oracle Corporation. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the risk and apply necessary mitigations.
Technical summary
CVE-2026-46770 is a vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Development Framework (ADF), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Development Framework (ADF) accessible data as well as unauthorized read access to a subset of Oracle Application Development Framework (ADF) accessible data.
Defensive priority
Apply patches or mitigations provided by Oracle Corporation.
Recommended defensive actions
- Apply patches or mitigations provided by Oracle Corporation.
- Restrict network access to Oracle Application Development Framework (ADF).
- Monitor for suspicious activity.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-06-17T10:53:54.527Z and was last modified on 2026-06-18T20:24:17.187Z. The source of this information is the NVD and CVE.org. The evidence is limited to publicly available data and may not reflect the full scope of the vulnerability. Defenders should verify the affected scope and vendor guidance with Oracle Corporation.
Official resources
-
CVE-2026-46770 CVE record
CVE.org
-
CVE-2026-46770 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:54.527Z and has not been modified since then.