CVE-2026-46771
MediumCVSS 4.1Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. A high-privileged attacker with access to the infrastructure can compromise ADF, leading to unauthorized access to critical data.
Risk Assessment
The risk to the organization involves the potential for unauthorized access to sensitive data or complete access to all data accessible in ADF.
Recommendation
It is recommended to update to the latest version of Oracle ADF and implement appropriate security measures to restrict access to the infrastructure.
Original NVD description (English source)
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Java Business Objects). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Development Framework (ADF) accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

