Internal Operations Vulnerability in Oracle E-Business Suite iSupport
CVE-2026-46944

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Isupport
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46944?

An access control vulnerability in the Internal Operations of Oracle iSupport within the Oracle E-Business Suite could be exploited by a high-privileged attacker who has network access via HTTP. This easily exploitable vulnerability not only jeopardizes Oracle iSupport but may also lead to severe consequences on other interrelated products, expanding the scope of potential attacks. Successful exploitation can enable an attacker to take full control of Oracle iSupport, thereby compromising the confidentiality, integrity, and availability of the affected systems.

Affected Version(s)

Oracle iSupport 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46944 Data

JSON