CVE-2026-46827

8.8 HIGH

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager)

Published: 2026-05-28 · Last updated: 2026-06-03

Severity and scoring

CVSS: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-269, CWE-284, CWE-287, CWE-306

Affected products

Vendor	Product
oracle	e-business_suite

Description

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payroll. Successful attacks of this vulnerability can result in takeover of Oracle Payroll. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-46827
[Vendor advisory]https://www.oracle.com/security-alerts/cspumay2026.html

Related CVEs

Same vendor

CVE-2026-35273 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
CVE-2026-46843 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
CVE-2026-46842 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
CVE-2026-46841 — Vulnerability in Oracle REST Data Services (component: General) (5.3 MEDIUM)
CVE-2026-46840 — Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service) (10.0 CRITICAL)

Same CWE

CVE-2024-38487 — api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unint... (7.0 HIGH)
CVE-2026-48780 — Forem is open source software for building communities (8.2 HIGH)
CVE-2026-0647 — An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
CVE-2026-12313 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
CVE-2026-12289 — Privilege escalation in the Graphics: WebRender component (8.8 HIGH)