PatchSiren cyber security CVE debrief
CVE-2026-46938 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in Oracle Cost Management, a product of Oracle E-Business Suite. The vulnerability, tracked as CVE-2026-46938, has a CVSS score of 7.2 and can be easily exploited by a high-privileged attacker with network access via HTTP, potentially leading to a takeover of Oracle Cost Management. The vulnerability is located in the Cost Planning component. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability.
- Vendor
- Oracle Corporation
- Product
- Oracle Cost Management
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle Cost Management versions 12.2.3-12.2.15 should prioritize patching this vulnerability to prevent potential exploitation. Affected operators and security teams should review the vulnerability and plan for mitigation. Platform administrators and vulnerability management teams should also be aware of the potential impact.
Technical summary
The vulnerability is located in the Cost Planning component of Oracle Cost Management, a product of Oracle E-Business Suite. It has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable and requires high privileges and network access via HTTP. Successful attacks can result in takeover of Oracle Cost Management. Organizations using Oracle Cost Management versions 12.2.3-12.2.15 are affected, specifically those with deployments in managed environments. Affected operators and security teams should review the vulnerability and plan for mitigation, including applying patches provided by Oracle Corporation, restricting network access, monitoring for suspicious activity, reviewing and updating access controls, performing vulnerability scanning and asset inventory, implementing compensating controls for exposed systems, and tracking exceptions and retesting remediated assets.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Oracle Corporation
- Restrict network access to Oracle Cost Management
- Monitor for suspicious activity
- Review and update access controls
- Perform vulnerability scanning and asset inventory
- Implement compensating controls for exposed systems
- Track exceptions and retest remediated assets
Evidence notes
The CVE record was published on 2026-06-17T10:54:13.280Z and last modified on 2026-06-18T21:06:38.987Z. The NVD entry is currently Analyzed. The vulnerability is in Oracle Cost Management, a product of Oracle E-Business Suite, specifically in the Cost Planning component. Evidence is based on the CVE record and NVD entry, which may have limited information. Defenders should verify affected scope and vendor guidance.
Official resources
-
CVE-2026-46938 CVE record
CVE.org
-
CVE-2026-46938 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:13.280Z and has not been modified since then. The NVD entry is currently Analyzed.