CVE-2026-46824 (CVSS 9.9) — Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easi
CVE. Sourced from nvd, summarised by Matproof.
AI Analysis
What changed and what to do.
A critical vulnerability has been published under CVE-2026-46824, affecting the Oracle Universal Work Queue product within Oracle E-Business Suite, specifically the Work Provider Site Level Administration component. The vulnerability carries a CVSS score of 9.9, indicating a severe risk. It impacts all supported versions from 12.2.3 through 12.2.15. The flaw was disclosed on May 28, 2026, via the National Vulnerability Database, and is classified under the CVE framework. No patch details are included in the initial publication, but organizations should treat this as an urgent security advisory.
This vulnerability primarily affects organizations using Oracle E-Business Suite, which is widely deployed across financial services, healthcare, manufacturing, retail, and public sector entities in the EU. Any company relying on Oracle’s ERP platform for order management, customer service, or supply chain operations may be exposed. Given the high CVSS score, the flaw could allow remote attackers to compromise system integrity, availability, or confidentiality without authentication, posing significant operational and regulatory risk under frameworks such as GDPR, NIS2, and sector-specific directives.
Compliance teams should immediately verify whether their organization uses any affected version of Oracle E-Business Suite and prioritize patching as soon as Oracle releases a security update. In the interim, apply network-level access controls to the Work Provider Site Level Administration interface and monitor for unusual activity. Document all risk assessments and mitigation steps to demonstrate due diligence to regulators. Finally, review your incident response plan to ensure it covers exploitation of ERP vulnerabilities, and coordinate with IT security to assess whether compensating controls are sufficient until a permanent fix is available.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.