Network Access Vulnerability in Oracle Database Server's Net Service Component
CVE-2026-46835

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Database Server
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46835?

The vulnerability in the Net Service component of Oracle Database Server affects multiple supported versions, allowing unauthenticated attackers with network access to exploit the service through TLS. This can lead to a denial-of-service condition, where the Net Service may hang or repeatedly crash, disrupting availability and potentially affecting overall system operations.

Affected Version(s)

Oracle Database Server 23.4.0 <= 23.26.2

References

https://www.oracle.com/security-alerts/cspumay2026.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46835 Data

JSON