CVE-2026-46770
Awaiting Analysis - Queue
Authentication Bypass in Oracle ADF

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Oracle

Description
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Development Framework (ADF), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Development Framework (ADF) accessible data as well as unauthorized read access to a subset of Oracle Application Development Framework (ADF) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
oracle application_development_framework 12.2.1.4.0
oracle application_development_framework 14.1.2.0.0
CWE ID: CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Security Framework component of the Oracle Application Development Framework (ADF), part of Oracle Fusion Middleware. It affects versions 12.2.1.4.0 and 14.1.2.0.0. The flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle ADF, but successful exploitation requires human interaction from someone other than the attacker. Although the flaw is in ADF, attacks may significantly impact additional products (scope change). The vulnerability can lead to unauthorized update, insertion, or deletion of some data accessible through Oracle ADF, as well as unauthorized read access to a subset of that data. The CVSS 3.1 Base Score is 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Impact Analysis

If exploited, this vulnerability can allow an attacker to gain unauthorized access to Oracle ADF data: reading a subset of ADF-accessible data without permission and updating, inserting, or deleting some of it. The CVSS vector rates the confidentiality and integrity impacts as Low (C:L/I:L) and the availability impact as None (A:N). Such unauthorized actions can compromise the integrity and confidentiality of the affected data, potentially disrupting business operations or leading to data breaches.

Compliance Impact

The vulnerability allows unauthorized read and modification access to data accessible through Oracle Application Development Framework (ADF). Such unauthorized access and data manipulation could potentially lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity.

However, the provided information does not explicitly mention the impact on compliance with specific standards or regulations.
