Threat Intelligence Database

CVE-2026-46776 is a high-severity vulnerability in Oracle Unified Directory versions 12.2.1.4.0 and 14.1.2.1.0. It allows an unauthenticated attacker with network access via LDAP to compromise the product. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, unauthorized read access to some data, and partial denial of service. The vulnerability has a CVSS 3.1 base score of 8.6. Oracle has included this fix in its June 2026 Critical Security Patch Update and strongly recommends applying the patch promptly. Mitigations include applying the patch and potentially blocking network protocols required for exploitation until patched, though this may impact functionality.

CVE-2026-46774 is a critical vulnerability in Oracle Unified Directory versions 12.2.1.4.0 and 14.1.2.1.0. It allows an unauthenticated attacker with network access via RMI to fully compromise the product, potentially resulting in complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities. Customers are strongly advised to apply the provided patches promptly to mitigate the risk. Until patches are applied, network-level mitigations such as blocking required attack protocols may reduce exposure, though these may impact functionality.

CVE-2026-46773 is a critical vulnerability in Oracle Unified Directory versions 12.2.1.4.0 and 14.1.2.1.0. It allows an unauthenticated attacker with network access via LDAP to fully compromise the product, potentially resulting in complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities. Customers are strongly advised to apply the provided patches promptly to mitigate the risk.