Unauthenticated Access Vulnerability in Oracle E-Business Suite's Cost Management Software
CVE-2026-46930

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle In-memory Cost Management For Discrete Industries
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46930?

A significant vulnerability exists in the Oracle In-Memory Cost Management for Discrete Industries component of Oracle E-Business Suite. This flaw allows an unauthenticated attacker with network access through HTTPS to exploit the system. Successful exploitation can lead to unauthorized actions such as the creation, deletion, or modification of sensitive data. Furthermore, the vulnerability enables unauthorized access to significant datasets stored within the Oracle In-Memory Cost Management, posing serious risks to data confidentiality and integrity.

Affected Version(s)

Oracle In-Memory Cost Management for Discrete Industries 12.2.12 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46930 Data

JSON