Vulnerability in Oracle Database Net Service Component
CVE-2026-46833

9CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Database Server
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46833?

A vulnerability exists within the Net Service component of Oracle Database Server. This issue affects versions 23.4.0 to 23.26.2 and can be exploited by an unauthenticated attacker with network access via TLS. Although the vulnerability is localized to the Net Service, successful exploitation can result in the compromise of the service itself, potentially affecting other interconnected systems. Organizations using affected versions are urged to apply mitigations promptly to safeguard their network infrastructure.

Affected Version(s)

Oracle Database Server 23.4.0 <= 23.26.2

References

https://www.oracle.com/security-alerts/cspumay2026.html

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46833 Data

JSON