Vulnerability in Oracle E-Business Suite: Supply to Order Workbench Component
CVE-2026-46939

8.1HIGH

Key Information:

Vendor: Oracle
Status: Oracle Configure To Order
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46939?

A vulnerability exists in the Supply to Order Workbench component of Oracle E-Business Suite, specifically affecting versions 12.2.3 to 12.2.15. The flaw allows low privileged attackers who have network access via HTTP to exploit the system, potentially leading to unauthorized creation, deletion, or modification of critical data. This vulnerability poses significant risks, enabling attackers to gain unauthorized access to sensitive data and compromise the integrity of all data accessible within the Oracle Configure to Order.

Affected Version(s)

Oracle Configure to Order 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46939 Data

JSON