Exploitable Vulnerability in Oracle E-Business Suite iSetup Component
CVE-2026-46937

8.8HIGH

Key Information:

Vendor: Oracle
Status: Oracle Isetup
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46937?

A vulnerability exists in the General Ledger Update Transform component of Oracle E-Business Suite iSetup, allowing low privileged attackers with HTTP network access to compromise the service. Successful exploitation can lead to complete takeover of the iSetup functionality, potentially impacting confidentiality, integrity, and availability of the system. It is crucial for organizations using affected versions to implement the necessary security measures as outlined in the Oracle advisory.

Affected Version(s)

Oracle iSetup 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46937 Data

JSON