PatchSiren cyber security CVE debrief
CVE-2026-46966 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in Oracle Universal Work Queue, a component of Oracle E-Business Suite. The vulnerability, tracked as CVE-2026-46966, has a CVSS score of 7.5 and can be exploited by a low-privileged attacker with network access via HTTP, potentially leading to a takeover of the Oracle Universal Work Queue. This vulnerability is located in the Work Provider Site Level Administration component of Oracle Universal Work Queue. It is a difficult-to-exploit vulnerability that requires a low-privileged attacker with network access via HTTP. Successful exploitation can result in a takeover of Oracle Universal Work Queue.
- Vendor
- Oracle Corporation
- Product
- Oracle Universal Work Queue
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle E-Business Suite versions 12.2.3-12.2.15 should prioritize patching this vulnerability to prevent potential exploitation. This is because the vulnerability has a high CVSS score and can be exploited by a low-privileged attacker with network access via HTTP, potentially leading to a takeover of the Oracle Universal Work Queue.
Technical summary
The vulnerability is located in the Work Provider Site Level Administration component of Oracle Universal Work Queue. It is a difficult-to-exploit vulnerability that requires a low-privileged attacker with network access via HTTP. Successful exploitation can result in a takeover of Oracle Universal Work Queue. The CVSS Vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability affects Oracle E-Business Suite versions 12.2.3-12.2.15.
Defensive priority
High priority should be given to patching this vulnerability due to its high CVSS score and potential impact on Oracle E-Business Suite instances.
Recommended defensive actions
- Apply the patch provided by Oracle Corporation as soon as possible
- Review and update network access controls to limit exposure
- Monitor Oracle E-Business Suite instances for suspicious activity
- Consider implementing additional security measures such as Web Application Firewalls
- Verify the integrity of Oracle Universal Work Queue configurations
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T10:54:15.773Z and was last modified on 2026-06-18T22:20:46.933Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle Universal Work Queue, a component of Oracle E-Business Suite. The CVE record and NVD entry provide additional context and details about the vulnerability.
Official resources
-
CVE-2026-46966 CVE record
CVE.org
-
CVE-2026-46966 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:15.773Z and has not been modified since then. The NVD entry is currently Analyzed.