Vulnerability in Oracle Applications DBA of Oracle E-Business Suite
CVE-2026-22011

7.6HIGH

Key Information:

Vendor: Oracle
Status: Oracle Applications Dba
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-22011?

A significant vulnerability exists in the Oracle Applications DBA component of Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.15. This vulnerability permits a high-privileged attacker with network access via HTTP to potentially compromise the Oracle Applications DBA. Exploit attempts require human interaction from an individual other than the attacker. While the issue lies specifically within Oracle Applications DBA, the ramifications of successful attacks may extend to other interconnected products. Consequently, addressing this vulnerability is crucial for maintaining the integrity and security of your Oracle systems.

Affected Version(s)

Oracle Applications DBA 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-22011 Data

JSON