Vulnerability in Oracle E-Business Suite Affecting Advanced Outbound Telephony
CVE-2026-46949

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Advanced Outbound Telephony
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46949?

An access control vulnerability exists in Oracle Advanced Outbound Telephony, part of the Oracle E-Business Suite. This easily exploitable flaw allows unauthenticated attackers with network access via HTTP to manipulate Oracle Advanced Outbound Telephony. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data. Attackers may gain complete access to all data that is accessible within the Oracle Advanced Outbound Telephony environment, potentially compromising confidentiality and integrity.

Affected Version(s)

Oracle Advanced Outbound Telephony 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46949 Data

JSON