CVE-2026-46958
Oracle has fixed vulnerabilities in various Oracle E-Business Suite products, including Oracle Enterprise Command Center Framework, iSupplier Portal, Complex Maintenance, Repair and Overhaul, Process Manufacturing Product Development, HR Intelligence, Receivables, Spares Management, Cost Management, Enterprise Asset Management, Applications Manager, iSupport, Advanced Outbound Telephony, Quality, HRMS (UK), Human Resources, Property Manager, Subledger Accounting, Project Portfolio Analysis, Universal Work Queue, Public Sector Financials (International), Financials for EMEA, Outsourced Manufacturing, and Public Sector Payroll. The vulnerabilities allow an attacker with network access and often low to high privileges to perform unauthorized actions, including gaining full control over the system, creating, modifying, or deleting critical data, and causing partial or complete denial-of-service. Some vulnerabilities require user interaction, while others can be exploited without authentication. The vulnerabilities affect the confidentiality, integrity, and availability of the systems. The CVSS 3.1 base scores range from 7.1 to 9.9, with multiple vulnerabilities scoring 8.8 or higher. The vulnerabilities are present in various versions, primarily between 12.2.3 and 12.2.15, and in some cases also in versions 15 and 16 of the Enterprise Command Center Framework. Exploitation can lead to complete system compromise and may also impact other Oracle products that depend on the vulnerable components.
CSIRTS triage
- What
- Vulnerabilities allow unauthorized actions that can lead to data manipulation and system compromise.
- Who is affected
- Deployments of various Oracle E-Business Suite products.
- Urgency
- Remediation is necessary due to the potential for significant data loss and system integrity issues.
- Action
- Apply the latest security updates for Oracle E-Business Suite products.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-46958
Get an email if CVE-2026-46958 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.25% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all EPSS-scored CVEs.
Advisory coverage (1)
- unknownNCSC-2026-0201 [1.00] [M/H] Vulnerabilities fixed in Oracle E-Business Suite productsncsc-nl · 2026-06-17
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-46958)