CVE-2026-46942 is a vulnerability in the Oracle Process Manufacturing Process Planning component of Oracle E-Business Suite, specifically affecting version 12.2.3. It allows a low privileged attacker with network access via HTTP to compromise the system without user interaction, resulting in complete takeover of the product. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability (score 8.8). Oracle has published this vulnerability as part of its June 2026 Critical Security Patch Update advisory, which contains numerous security patches across Oracle products. The advisory strongly recommends applying the update promptly to mitigate this and other vulnerabilities. No specific patch version for this vulnerability is explicitly stated in the advisory content provided, so patch status should be confirmed by consulting the vendor advisory directly.

Successful exploitation of this vulnerability allows an attacker with low privileges and network access via HTTP to fully compromise Oracle Process Manufacturing Process Planning. This results in complete loss of confidentiality, integrity, and availability of the affected component, effectively allowing takeover of the system.

Oracle strongly recommends applying the June 2026 Critical Security Patch Update, which includes patches addressing this vulnerability. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation and removing unnecessary privileges from users. These mitigations may impact application functionality. Patch status is not explicitly confirmed in the advisory content; therefore, customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for current patch availability and installation instructions.