PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46966 Oracle Corporation CVE debrief

A high-severity vulnerability was discovered in Oracle Universal Work Queue, a component of Oracle E-Business Suite. The vulnerability, tracked as CVE-2026-46966, has a CVSS score of 7.5 and can be exploited by a low-privileged attacker with network access via HTTP, potentially leading to a takeover of the Oracle Universal Work Queue. This vulnerability is located in the Work Provider Site Level Administration component of Oracle Universal Work Queue. It is a difficult-to-exploit vulnerability that requires a low-privileged attacker with network access via HTTP. Successful exploitation can result in a takeover of Oracle Universal Work Queue.

Vendor
Oracle Corporation
Product
Oracle Universal Work Queue
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Oracle E-Business Suite versions 12.2.3-12.2.15 should prioritize patching this vulnerability to prevent potential exploitation. This is because the vulnerability has a high CVSS score and can be exploited by a low-privileged attacker with network access via HTTP, potentially leading to a takeover of the Oracle Universal Work Queue.

Technical summary

The vulnerability is located in the Work Provider Site Level Administration component of Oracle Universal Work Queue. It is a difficult-to-exploit vulnerability that requires a low-privileged attacker with network access via HTTP. Successful exploitation can result in a takeover of Oracle Universal Work Queue. The CVSS Vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability affects Oracle E-Business Suite versions 12.2.3-12.2.15.

Defensive priority

High priority should be given to patching this vulnerability due to its high CVSS score and potential impact on Oracle E-Business Suite instances.

Recommended defensive actions

  • Apply the patch provided by Oracle Corporation as soon as possible
  • Review and update network access controls to limit exposure
  • Monitor Oracle E-Business Suite instances for suspicious activity
  • Consider implementing additional security measures such as Web Application Firewalls
  • Verify the integrity of Oracle Universal Work Queue configurations
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-06-17T10:54:15.773Z and was last modified on 2026-06-18T22:20:46.933Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle Universal Work Queue, a component of Oracle E-Business Suite. The CVE record and NVD entry provide additional context and details about the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:15.773Z and has not been modified since then. The NVD entry is currently Analyzed.