Unauthenticated Access Vulnerability in Oracle Internet Procurement Connector by Oracle
CVE-2026-46819

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Internet Procurement Connector
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46819?

The Oracle Internet Procurement Connector within Oracle E-Business Suite is susceptible to an unauthenticated access vulnerability. Attackers with network access via HTTP can exploit this weakness, allowing unauthorized actions such as data creation, deletion, or modification. The affected versions from 12.2.3 to 12.2.15 may face significant risks of data compromise, which can severely impact data confidentiality and integrity. Without appropriate mitigations, organizations using these versions may be exposed to unauthorized manipulation or access to sensitive data.

Affected Version(s)

Oracle Internet Procurement Connector 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspumay2026.html

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46819 Data

JSON