CVE-2026-46776

Awaiting Analysis Awaiting Analysis - Queue

Oracle Unified Directory LDAP Access Control Bypass

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Oracle

Description

Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: OUD Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Unified Directory. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Unified Directory accessible data as well as unauthorized read access to a subset of Oracle Unified Directory accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Unified Directory. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-17

Last Modified

2026-06-17

Generated

2026-06-17

AI Q&A

2026-06-17

EPSS Evaluated

N/A

NVD

CVE-2026-46776

EUVD

EUVD-2026-37294

Affected Vendors & Products

Vendor	Product	Version / Range
oracle	unified_directory	12.2.1.4.0
oracle	unified_directory	14.1.2.1.0

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-UNKNOWN

Attack-Flow Graph

Executive Summary

This vulnerability exists in the Oracle Unified Directory product of Oracle Fusion Middleware, specifically in the OUD Core component. It affects supported versions 12.2.1.4.0 and 14.1.2.1.0. The vulnerability is easily exploitable by an unauthenticated attacker who has network access via LDAP.

An attacker exploiting this vulnerability can compromise Oracle Unified Directory by gaining unauthorized capabilities such as creating, deleting, or modifying critical data or any data accessible through Oracle Unified Directory. Additionally, the attacker can read some subset of the accessible data without authorization and cause a partial denial of service (partial DOS) on the Oracle Unified Directory.

Impact Analysis

The impact of this vulnerability includes unauthorized creation, deletion, or modification of critical or accessible data within Oracle Unified Directory. This can lead to data integrity issues and potential data loss.

There is also unauthorized read access to some data, which can result in confidentiality breaches.

Furthermore, the vulnerability allows an attacker to cause a partial denial of service, affecting the availability of Oracle Unified Directory services.

Hi! I’m here to help you understand CVE-2026-46776. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-46776

Oracle Unified Directory LDAP Access Control Bypass

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart