9.9

CVE-2026-46824: Oracle Universal Work Queue takeover via HTTP access

Summary

Oracle Universal Work Queue in Oracle E-Business Suite versions 12.2.3-12.2.15 has a vulnerability in its Work Provider Site Level Administration component. A low-privileged attacker with network access via HTTP can exploit it to take over Universal Work Queue, and because the scope changes, attacks may significantly impact additional products. Oracle recommends upgrading to a fixed version to protect against this risk.

Original title
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. E...
Original description
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. While the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
NVD CVSS 3.1: 9.9
Vulnerability type
CWE-269 Improper Privilege Management
CWE-284 Improper Access Control
CWE-306 Missing Authentication for Critical Function
Published: 28 May 2026 · Updated: 31 May 2026 · First seen: 28 May 2026