Authorization Vulnerability in Oracle E-Business Suite - Oracle Public Sector Financials
CVE-2026-46823

7.7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Public Sector Financials (international)
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46823?

This vulnerability in Oracle Public Sector Financials (International) allows an attacker with low privileges to exploit network access over HTTPS, potentially leading to unauthorized access to sensitive data. The impact of successful exploitation could extend beyond the affected product, compromising critical information across various components of the Oracle E-Business Suite. Attackers may gain complete access to all data accessible within Oracle Public Sector Financials (International), highlighting the necessity for immediate attention and mitigation strategies.

Affected Version(s)

Oracle Public Sector Financials (International) 12.2.6 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspumay2026.html

vendor-advisory

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46823 Data

JSON