Vulnerability in Oracle Payroll Product of Oracle E-Business Suite
CVE-2026-46827

8.8HIGH

Key Information:

Vendor: Oracle
Status: Oracle Payroll
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46827?

A vulnerability exists in the Oracle Payroll component of Oracle E-Business Suite's Self Service Manager that allows a low-privileged attacker with network access to exploit the system via HTTP. This vulnerability can lead to unauthorized access and takeover of Oracle Payroll systems. Affected versions include 12.2.3 to 12.2.15, making it critical for users to apply security measures promptly. The potential impact includes serious confidentiality, integrity, and availability risks.

Affected Version(s)

Oracle Payroll 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspumay2026.html

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46827 Data

JSON