Threat Intelligence Database

CVE-2026-46966 is a high-severity vulnerability in Oracle Universal Work Queue versions 12.2.3 through 12.2.15. It allows a low privileged attacker with network access via HTTP to potentially take over the Oracle Universal Work Queue. The vulnerability has a CVSS 3.1 base score of 7.5, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory and strongly recommends applying the patches promptly. Until patched, risk reduction may be possible by blocking required network protocols or restricting privileges, though these may impact functionality.

CVE-2026-46963 is a critical vulnerability in Oracle Universal Work Queue, part of Oracle E-Business Suite. It affects supported versions 12.2.3 through 12.2.15. The flaw allows a low privileged attacker with network access via HTTP to compromise the product, potentially leading to full takeover. The vulnerability also has scope to impact additional Oracle products. It has a CVSS 3.1 base score of 9.9, indicating high confidentiality, integrity, and availability impacts. Oracle has published a Critical Security Patch Update advisory recommending prompt patching. No explicit patch version is stated in the advisory content provided, but Oracle strongly urges applying the June 2026 Critical Security Patch Update. Mitigations include applying patches promptly and possibly blocking network protocols or removing unnecessary privileges until patches are applied. No known exploits in the wild have been reported yet.

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. While the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).