CVE-2026-46973 is a vulnerability in the Oracle Outsourced Mfg for Discrete Industries component of Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.15. It allows a low privileged attacker with network access via HTTP to compromise the product, potentially resulting in full takeover. The vulnerability has a CVSS 3.1 base score of 8.8 with high impact on confidentiality, integrity, and availability. Oracle has published this vulnerability as part of its June 2026 Critical Security Patch Update, which includes 245 security patches across various Oracle products. The vendor advisory strongly urges customers to apply the patches without delay. Workarounds include blocking network protocols required for exploitation and removing unnecessary privileges, but these may disrupt normal operations.

Successful exploitation of CVE-2026-46973 can lead to complete compromise of Oracle Outsourced Mfg for Discrete Industries, impacting confidentiality, integrity, and availability of the affected system. This could allow attackers to take over the product, potentially leading to unauthorized access and control over sensitive business operations managed by the software.

Oracle has released security patches addressing this vulnerability in the June 2026 Critical Security Patch Update. Customers are strongly advised to apply these patches as soon as possible. Until patches are applied, risk can be partially mitigated by blocking network protocols required for the attack and by removing unnecessary privileges from users who do not require them. However, these mitigations may impact application functionality. Patch status is confirmed by the vendor advisory; therefore, applying the official patches is the recommended remediation.