Vulnerability in Oracle E-Business Suite's Maintenance, Repair, and Overhaul Component
CVE-2026-46935

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Complex Maintenance, Repair And Overhaul
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46935?

A vulnerability exists within the Oracle E-Business Suite's Complex Maintenance, Repair, and Overhaul component, allowing low-privileged attackers with network access through HTTP to exploit it. The affected versions range from 12.2.3 to 12.2.15. Successful exploitation could enable unauthorized access and potentially lead to a complete takeover of the affected components, compromising confidentiality, integrity, and availability.

Affected Version(s)

Oracle Complex Maintenance, Repair and Overhaul 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46935 Data

JSON