Impact
The Oracle Application Development Framework (ADF) vulnerability described in CVE-2026-46769 is characterized as an easily exploitable flaw that permits a high-privileged attacker with network access via HTTP to compromise the ADF component and ultimately take over the framework. The CVSS 3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates full confidentiality, integrity, and availability impact for the affected system.
Affected Systems
Affected systems are Oracle Application Development Framework 12.2.1.4.0 and 14.1.2.0.0, which are part of Oracle Fusion Middleware. Any deployment of these ADF versions that exposes an HTTP interface to the network is vulnerable, regardless of the underlying operating environment.
Risk and Exploitability
The risk is moderate to high because the flaw allows complete takeover once a high-privilege attacker can reach the ADF instance over HTTP. The EPSS score of less than 1 % signals a low probability of exploitation in the current threat landscape, and the vulnerability is not listed in CISA's KEV catalog. Exploitation does not require local access or physical presence; it can occur remotely through the exposed HTTP services, with the attacker needing only high-privilege credentials or a session that grants such privileges.
OpenCVE Enrichment