Vulnerability in Oracle E-Business Suite Work Provider Site Level Administration
CVE-2026-46964

9.9CRITICAL

Key Information:

Vendor: Oracle
Status: Oracle Universal Work Queue
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46964?

The vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite allows an attacker with low privileges and network access via HTTP to potentially compromise the system. While targeting the Oracle Universal Work Queue specifically, the impacts of a successful exploit may extend beyond this component, putting additional products at risk. An attacker could take control of the Oracle Universal Work Queue, posing significant threats to the confidentiality, integrity, and availability of the affected systems.

Affected Version(s)

Oracle Universal Work Queue 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46964 Data

JSON