Oracle EBS Public Sector Financials 12.2.6-12.2.15 Auth Bypass via HTTPS
CVE-2026-46823 Published on May 28, 2026
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Public Sector Financials (International). While the vulnerability is in Oracle Public Sector Financials (International), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Public Sector Financials (International) accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
Vulnerability Analysis
CVE-2026-46823 can be exploited over the network and requires only a low level of user privileges. Its attack complexity is rated low. A successful exploit has a high impact on confidentiality and no impact on integrity or availability.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2026-46823 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-46823
Affected Versions
Oracle Corporation Oracle Public Sector Financials (International): versions 12.2.6 through 12.2.15 are affected.