CVE-2026-46837
published 2026-05-28CVE-2026-46837: Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are…
PriorityP260high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.27%
18.3th percentile
Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing. Successful attacks of this vulnerability can result in takeover of Oracle Flow Manufacturing. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | e-business_suite | 12.2.9 – 12.2.15 | — |
| oracle_corporation | oracle_flow_manufacturing | 12.2.9 – 12.2.15 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Oracle Flow Manufacturing up to 12.2.15 Security privilege escalation (EUVD-2026-33016)
vuldb·2026-05-28·CVSS 8.8
CVE-2026-46837 [HIGH] Oracle Flow Manufacturing up to 12.2.15 Security privilege escalation (EUVD-2026-33016)
A vulnerability marked as critical has been reported in Oracle Flow Manufacturing up to 12.2.15. The impacted element is an unknown function of the component Security. The manipulation leads to privilege escalation.
This vulnerability is listed as CVE-2026-46837. The attack may be initiated remotely. There is no available exploit.
It is suggested to upgrade the affected component.
GHSA
GHSA-52wf-x2gw-qm74: Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security)
ghsa_unreviewed·2026-05-28
CVE-2026-46837 [HIGH] CWE-269 GHSA-52wf-x2gw-qm74: Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security)
Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing. Successful attacks of this vulnerability can result in takeover of Oracle Flow Manufacturing. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-28
Published