Threat Intelligence Database

CVE-2026-46772 is a vulnerability in Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0. It allows a high privileged attacker with access to the infrastructure where ADF runs to potentially compromise the framework. Successful exploitation can lead to unauthorized access to critical data and unauthorized modification (update, insert, delete) of some accessible data. The vulnerability is rated medium severity with a CVSS score of 4.7. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update and strongly recommends applying the patches promptly.

CVE-2026-46771 is a vulnerability in Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0. It requires a high privileged attacker with logon access to the infrastructure where ADF executes. Successful exploitation can lead to unauthorized access to critical or all data accessible by ADF. The vulnerability has a CVSS 3.1 base score of 4.1, indicating medium severity, with confidentiality impact but no integrity or availability impact. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory, which provides patches for affected products. Customers are strongly advised to apply these patches promptly to mitigate the risk.

CVE-2026-46770 is a medium severity vulnerability in Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0. It allows an unauthenticated attacker with network access via HTTP to perform unauthorized update, insert, or delete operations on accessible data, as well as unauthorized read access to some data. Successful exploitation requires human interaction from a user other than the attacker and can impact additional Oracle products beyond ADF. The vulnerability has a CVSS 3.1 base score of 6.1, reflecting confidentiality and integrity impacts. Oracle has published a Critical Security Patch Update advisory recommending prompt patch application. No explicit patch or fix version is stated in the advisory content provided.

CVE-2026-46769 is a high-severity vulnerability in Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0. It allows a high privileged attacker with network access via HTTP to compromise the ADF product, potentially leading to full takeover. The vulnerability has a CVSS 3.1 base score of 7.2, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update (CSPU). Customers are strongly advised to apply the relevant patches promptly. Until patches are applied, risk may be mitigated by blocking required network protocols or restricting privileges, though these may impact functionality.