Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-46965

CVE-2026-46965: Oracle Universal Work Queue Escalation

CVE-2026-46965 is a privilege escalation vulnerability in Oracle Universal Work Queue allowing attackers to compromise the system. This article covers the technical details, affected versions, impact, and mitigation.

Published:

CVE-2026-46965 Overview

CVE-2026-46965 is an improper access control vulnerability [CWE-284] in the Oracle Universal Work Queue product of Oracle E-Business Suite. The flaw resides in the Work Provider Site Level Administration component and affects supported versions 12.2.3 through 12.2.15. A low-privileged attacker with network access over HTTP can exploit this issue to compromise Oracle Universal Work Queue. Successful exploitation results in full takeover of the affected product, with impact to confidentiality, integrity, and availability. Oracle disclosed the vulnerability in the June 2026 Critical Patch Update.

Critical Impact

Authenticated attackers can take over Oracle Universal Work Queue over the network using only low-level privileges and no user interaction.

Affected Products

  • Oracle E-Business Suite — Oracle Universal Work Queue 12.2.3
  • Oracle E-Business Suite — Oracle Universal Work Queue versions 12.2.4 through 12.2.14
  • Oracle E-Business Suite — Oracle Universal Work Queue 12.2.15

Discovery Timeline

  • 2026-06-17 - CVE-2026-46965 published to the National Vulnerability Database (NVD)
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2026-46965

Vulnerability Analysis

The vulnerability is classified under [CWE-284] Improper Access Control. The Work Provider Site Level Administration component of Oracle Universal Work Queue fails to enforce proper authorization checks on HTTP-accessible functionality. An attacker authenticated with low privileges can reach administrative actions that should be restricted.

The Exploit Prediction Scoring System (EPSS) probability for this CVE is 0.389% at the 30.578 percentile as of 2026-06-18. No public proof-of-concept is currently available, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog.

Successful exploitation results in complete takeover of Oracle Universal Work Queue. Because Universal Work Queue routes and assigns work across E-Business Suite modules, compromise can expose data managed by connected business processes.

Root Cause

The root cause is missing or insufficient authorization enforcement in the Work Provider Site Level Administration component. The application grants access to functionality based on session presence rather than verifying that the authenticated user holds the privileges required for administrative operations.

Attack Vector

The attack vector is network-based over HTTP. An attacker must hold a low-privileged account on the target Oracle E-Business Suite instance. No user interaction is required, and exploitation does not require local access or elevated credentials. Refer to the Oracle Security Alert - June 2026 for vendor technical context.

Detection Methods for CVE-2026-46965

Indicators of Compromise

  • Unexpected administrative actions in Oracle Universal Work Queue logs initiated by accounts that do not normally perform site-level administration.
  • HTTP requests to Work Provider Site Level Administration endpoints originating from user sessions with low-privileged roles.
  • New, modified, or deleted work provider configurations without a corresponding change-management record.

Detection Strategies

  • Review Oracle E-Business Suite audit tables and middle-tier HTTP access logs for anomalous calls to Universal Work Queue administration URLs.
  • Correlate authentication events with privileged action events to identify privilege mismatches.
  • Baseline normal administrator account activity and alert on deviations involving Work Queue configuration changes.

Monitoring Recommendations

  • Forward Oracle E-Business Suite application, database, and HTTP server logs to a centralized SIEM for retention and correlation.
  • Monitor outbound connections and shell activity on the E-Business Suite middle tier following Universal Work Queue administrative requests.
  • Track changes to Universal Work Queue site-level configuration objects and alert on unexpected modifications.

How to Mitigate CVE-2026-46965

Immediate Actions Required

  • Apply the Oracle Critical Patch Update from June 2026 to all Oracle E-Business Suite instances running Universal Work Queue versions 12.2.3 through 12.2.15.
  • Inventory all Oracle E-Business Suite deployments and confirm the installed Universal Work Queue version against the affected range.
  • Restrict network reachability of Oracle E-Business Suite HTTP endpoints to trusted corporate networks only.
  • Review existing low-privileged accounts and disable any that are not required for business operations.

Patch Information

Oracle released fixes as part of the June 2026 Critical Patch Update. Administrators should review the Oracle Security Alert - June 2026 advisory for patch identifiers, prerequisites, and application steps specific to their Oracle E-Business Suite release.

Workarounds

  • Place Oracle E-Business Suite behind a web application firewall and block unauthenticated or low-privileged access to Universal Work Queue administration paths until patches are applied.
  • Enforce strong authentication and reduce the number of accounts with any access to the E-Business Suite environment.
  • Enable database and application auditing on Universal Work Queue administrative actions to support detection if patching must be delayed.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.