CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-46937

unknowncovered by 1 sourcefirst seen 2026-06-17
Oracle has fixed vulnerabilities in various Oracle E-Business Suite products, including Oracle Enterprise Command Center Framework, iSupplier Portal, Complex Maintenance, Repair and Overhaul, Process Manufacturing Product Development, HR Intelligence, Receivables, Spares Management, Cost Management, Enterprise Asset Management, Applications Manager, iSupport, Advanced Outbound Telephony, Quality, HRMS (UK), Human Resources, Property Manager, Subledger Accounting, Project Portfolio Analysis, Universal Work Queue, Public Sector Financials (International), Financials for EMEA, Outsourced Manufacturing, and Public Sector Payroll. The vulnerabilities allow an attacker with network access and often low to high privileges to perform unauthorized actions, including gaining full control over the system, creating, modifying, or deleting critical data, and causing partial or complete denial-of-service. Some vulnerabilities require user interaction, while others can be exploited without authentication. The vulnerabilities affect the confidentiality, integrity, and availability of the systems. The CVSS 3.1 base scores range from 7.1 to 9.9, with multiple vulnerabilities scoring 8.8 or higher. The vulnerabilities are present in various versions, primarily between 12.2.3 and 12.2.15, and in some cases also in versions 15 and 16 of the Enterprise Command Center Framework. Exploitation can lead to complete system compromise and may also impact other Oracle products that depend on the vulnerable components.

CSIRTS triage

What
Vulnerabilities allow unauthorized actions that can lead to data manipulation and system compromise.
Who is affected
Deployments of various Oracle E-Business Suite products.
Urgency
Remediation is necessary due to the potential for significant data loss and system integrity issues.
Action
Apply the latest security updates for Oracle E-Business Suite products.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-46937

Get an email if CVE-2026-46937 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-46937

CVE.org record

Embed the live status

CVE-2026-46937 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-46937 status](https://www.csirts.com/badge/CVE-2026-46937)](https://www.csirts.com/cve/CVE-2026-46937)