PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46772 Oracle Corporation CVE debrief

A vulnerability was discovered in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). The affected versions are 12.2.1.4.0 and 14.1.2.0.0. This difficult-to-exploit vulnerability allows a high-privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks can result in unauthorized access to critical data or complete access to all Oracle Application Development Framework (ADF) accessible data, as well as unauthorized update, insert or delete access to some of Oracle Application Development Framework (ADF) accessible data. The vulnerability has a CVSS 3.1 Base Score of 4.7, indicating a medium severity.

Vendor
Oracle Corporation
Product
Oracle Application Development Framework (ADF)
CVSS
MEDIUM 4.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Administrators and users of Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0 should apply the necessary patches to prevent potential exploitation. This is especially critical for environments where high-privileged access is a concern.

Technical summary

The vulnerability has a CVSS 3.1 Base Score of 4.7, indicating a medium severity. The CVSS Vector is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N), reflecting the confidentiality and integrity impacts. The weakness associated with this vulnerability is CWE-284. This vulnerability affects Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces) versions 12.2.1.4.0 and 14.1.2.0.0.

Defensive priority

Medium priority should be given to applying patches for this vulnerability, especially in environments where high-privileged access is a concern.

Recommended defensive actions

  • Apply the patches provided by Oracle for the affected versions of Oracle Application Development Framework (ADF).
  • Restrict access to the infrastructure where Oracle Application Development Framework (ADF) executes to only necessary personnel.
  • Monitor for any suspicious activity related to Oracle Application Development Framework (ADF).
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-06-17T10:53:54.737Z and was last modified on 2026-06-18T20:23:41.483Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus. Further verification is recommended to ensure accuracy.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:54.737Z and has not been modified since then. The NVD entry is currently Analyzed.