Internal Operations Vulnerability in Oracle iSupplier Portal Product by Oracle
CVE-2026-46957

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Isupplier Portal
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46957?

A serious vulnerability exists within the Oracle iSupplier Portal, part of Oracle E-Business Suite, which involves improper authentication issues in the Internal Operations component. This flaw can be exploited by a low privileged attacker who has network access via HTTP, potentially leading to the compromise of the Oracle iSupplier Portal. Attackers successful in exploiting this vulnerability may gain unauthorized access, enabling them to disrupt operations and manipulate sensitive data. Affected versions range from 12.2.3 to 12.2.15, making it crucial for users to review their systems and apply recommended patches to safeguard against possible exploitation.

Affected Version(s)

Oracle iSupplier Portal 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46957 Data

JSON