Vulnerability in Oracle E-Business Suite's Universal Work Queue Component
CVE-2026-46963

9.9CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Universal Work Queue
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46963?

A vulnerability exists in the Oracle Universal Work Queue component of the Oracle E-Business Suite, specifically in the Work Provider Site Level Administration module. This vulnerability can be exploited by an attacker with low privilege and network access via HTTP, allowing potential compromise of the Oracle Universal Work Queue. The risks extend beyond the immediate component, potentially affecting other related products. Successful exploitation could lead to unauthorized control over the Universal Work Queue, threatening confidentiality, integrity, and availability of the affected systems.

Affected Version(s)

Oracle Universal Work Queue 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46963 Data

JSON