PatchSiren cyber security CVE debrief
CVE-2026-46965 Oracle Corporation CVE debrief
A vulnerability exists in Oracle Universal Work Queue, a component of Oracle E-Business Suite. The affected versions are 12.2.3-12.2.15. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue, potentially leading to its takeover. The CVSS 3.1 Base Score is 8.8, indicating high severity with impacts on Confidentiality, Integrity, and Availability. The vulnerability is easily exploitable and allows a low-privileged attacker with network access via HTTP to compromise the product. Successful attacks can result in the takeover of Oracle Universal Work Queue.
- Vendor
- Oracle Corporation
- Product
- Oracle Universal Work Queue
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle E-Business Suite versions 12.2.3-12.2.15 should prioritize patching this vulnerability. The vulnerability's high CVSS score and potential for takeover of Oracle Universal Work Queue make it critical for security teams to address. Security teams, vulnerability management teams, and operators of Oracle E-Business Suite should review and address this vulnerability.
Technical summary
The vulnerability in Oracle Universal Work Queue, a component of Oracle E-Business Suite, is easily exploitable and allows a low-privileged attacker with network access via HTTP to compromise the product. Successful attacks can result in the takeover of Oracle Universal Work Queue. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, with a Base Score of 8.8. The affected versions are 12.2.3-12.2.15. To address this vulnerability, defenders should verify the affected scope, severity, and vendor guidance, and consider applying patches or mitigations as recommended by Oracle.
Defensive priority
High
Recommended defensive actions
- Apply the patch from Oracle as soon as possible
- Review and limit network access to Oracle Universal Work Queue
- Monitor for suspicious activity related to Oracle Universal Work Queue
- Ensure that the Oracle E-Business Suite is updated to a version that is not vulnerable
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T10:54:15.673Z and was last modified on 2026-06-18T22:20:33.020Z. The NVD entry is currently Analyzed. The vulnerability affects Oracle Universal Work Queue, a component of Oracle E-Business Suite, with versions 12.2.3-12.2.15 being vulnerable. The CVSS 3.1 Base Score is 8.8, indicating high severity with impacts on Confidentiality, Integrity, and Availability. Defenders should verify the affected scope, severity, and vendor guidance.
Official resources
-
CVE-2026-46965 CVE record
CVE.org
-
CVE-2026-46965 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:15.673Z and has not been modified since then. The NVD entry is currently Analyzed.