Description
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. While the vulnerability is in Oracle Enterprise Command Center Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Command Center Framework. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the Core component of the Oracle Enterprise Command Center Framework allows a high‑privileged attacker who can reach the system over HTTP to fully compromise the application. Successful exploitation can lead to a takeover of the framework and, due to a scope change, can also impact additional Oracle E‑Business Suite products.

Affected Systems

The affected product is Oracle Enterprise Command Center Framework versions 15 and 16. No other vendors or products are listed as impacted in the data.

Risk and Exploitability

The CVSS 3.1 base score of 9.1 indicates high confidentiality, integrity, and availability impact. The EPSS score is below 1%, suggesting low current exploitation likelihood, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is network access via HTTP (AV:N), and the attacker must be a high‑privileged user (PR:H). Even with low exploitation probability, the severity and potential scope change make this a critical risk for systems that host the affected framework or depend on other Oracle E‑Business Suite components.

Generated by OpenCVE AI on June 17, 2026 at 19:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Oracle Enterprise Command Center Framework to the latest patch or upgrade to a non‑affected version following Oracle’s advisory.
  • Restrict HTTP access to the application by configuring firewalls or ACLs to allow only trusted IP ranges.
  • Conduct an impact assessment of other Oracle E‑Business Suite components that may be affected by the scope change and apply any necessary mitigations or updates.



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. While the vulnerability is in Oracle Enterprise Command Center Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Command Center Framework. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
First Time appeared | | Oracle; Oracle enterprise Command Center Framework
CPEs | | cpe:2.3:a:oracle:enterprise_command_center_framework:v15:*:*:*:*:*:*:*; cpe:2.3:a:oracle:enterprise_command_center_framework:v16:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle enterprise Command Center Framework
References | |
Metrics | | cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T13:21:26.887Z

Reserved: 2026-05-18T15:55:10.310Z

Link: CVE-2026-46896

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T03:15:02Z

Weaknesses

No weakness.