PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46958 Oracle Corporation CVE debrief

A high-severity vulnerability was discovered in Oracle Subledger Accounting, a component of Oracle E-Business Suite. This vulnerability, tracked as CVE-2026-46958, has a CVSS 3.1 Base Score of 7.5, indicating high impacts on confidentiality, integrity, and availability. The vulnerability affects versions 12.2.3 through 12.2.15 of Oracle Subledger Accounting and can be exploited by a low-privileged attacker with network access via HTTP, potentially leading to a takeover of the affected system.

Vendor
Oracle Corporation
Product
Oracle Subledger Accounting
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Oracle E-Business Suite, specifically those with Oracle Subledger Accounting versions 12.2.3 through 12.2.15, should be aware of this vulnerability and take immediate action to mitigate the risk. This includes applying the necessary patches or workarounds provided by Oracle and ensuring that network access to the affected systems is properly secured.

Technical summary

The vulnerability in Oracle Subledger Accounting (CVE-2026-46958) is a difficult-to-exploit issue that allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to a takeover of Oracle Subledger Accounting. The CVSS 3.1 vector for this vulnerability is AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, reflecting high impacts on confidentiality, integrity, and availability.

Defensive priority

High

Recommended defensive actions

  • Apply the security patch provided by Oracle for Oracle Subledger Accounting versions 12.2.3 through 12.2.15.
  • Implement network access controls to restrict HTTP access to the affected systems.
  • Monitor system logs for suspicious activity related to Oracle Subledger Accounting.
  • Conduct regular vulnerability assessments and penetration testing to identify and address potential weaknesses.
  • Ensure that all users have the least privileges necessary to perform their tasks.

Evidence notes

The CVE record was published on 2026-06-17T10:54:14.950Z and was last modified on 2026-06-18T22:17:48.640Z. The NVD entry is currently Analyzed. The vulnerability affects Oracle Subledger Accounting versions 12.2.3 through 12.2.15.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:14.950Z and has not been modified since then. The NVD entry is currently Analyzed.