External risk intelligence

Oracle E-Business Suite Universal Work Queue Takeover Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.9)

CVE-2026-46964

A vulnerability in Oracle Universal Work Queue, part of Oracle E-Business Suite, could allow a low-privileged attacker with network access to compromise the system, potentially impacting other products and leading to a full takeover.

Missing Authentication

Halo Surface Signal: 3 (Possible · external exposure)

The vulnerability affects a component of Oracle E-Business Suite, an enterprise application suite typically deployed within internal corporate networks. While the attack vector is network-based via HTTP, it is not inherently designed as a public-facing internet service, though it may be accessible in some environments depending on specific network configurations.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified within Oracle's Universal Work Queue, a component of Oracle E-Business Suite. This issue could allow unauthorized access, potentially leading to a complete takeover of the system and impacting other connected products. The primary concern is to confirm if this technology is in use and if it is exposed to potential threats.

  • A flaw exists in Oracle's Universal Work Queue.
  • This could permit unauthorized system control.
  • Confirm relevance and exposure within your environment.

Attack Path

How an attacker could exploit the issue

An attacker with network access can target the Oracle Universal Work Queue by reaching its Work Provider Site Level Administration feature. This vulnerability is easily exploitable and can lead to a full takeover of the Work Queue, potentially impacting other connected Oracle E-Business Suite products.

  • Network access required.
  • Attacker triggers vulnerability via HTTP.
  • Risk of full system takeover.

Live Threat

Current exploitation, exposure, and threat context

A low-privileged attacker with network access could compromise the Oracle Universal Work Queue, potentially affecting other Oracle E-Business Suite products. This could lead to a complete takeover of the Oracle Universal Work Queue.

  • Oracle Universal Work Queue system.
  • Network access via HTTP.
  • Takeover of the affected system.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Oracle Universal Work Queue, part of Oracle E-Business Suite, requires a coordinated response. Application owners and infrastructure teams managing the Oracle E-Business Suite should prioritize identifying all instances of the affected product, assessing their reachability and business criticality, and confirming the accountable owner. Once identified, a risk-based remediation plan should be developed and executed, potentially involving vendor coordination or temporary mitigations.

  • Application and infrastructure teams own remediation.
  • Verify Oracle E-Business Suite instances and reachability.
  • Plan and coordinate risk-based remediation.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-46964 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in Oracle Universal Work Queue allows network-based attackers with low privileges to take over the system, likely causing a PCI ASV scan failure due to the potential for authentication bypass.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Frequently asked questions

What is the Oracle Universal Work Queue?

The Oracle Universal Work Queue is a component of the Oracle E-Business Suite that manages the distribution of work items to agents or users. It acts as an organizational hub, allowing staff to handle various tasks efficiently across different functional areas of the suite. It is integrated into larger enterprise resource planning workflows.

What do CWE-269, CWE-284, and CWE-306 mean for CVE-2026-46964?

These codes identify weaknesses related to improper privilege management, access control, and missing authentication. In the context of CVE-2026-46964, they indicate that the system fails to correctly verify the identity or permissions of a user, allowing an attacker to perform unauthorized actions within the Work Provider Site Level Administration feature.

How does an attacker trigger this vulnerability?

An attacker triggers this flaw by sending specially crafted HTTP requests to the Work Provider Site Level Administration component. The vulnerability is not triggered by simple passive interaction; it requires the attacker to have network access and the ability to interact directly with the administrative functions of the Work Queue.

Is my Oracle E-Business Suite at risk?

According to Halo Surface Signal, this software is typically deployed within internal corporate networks. While the attack is network-based, the risk depends on your specific network configuration. You should prioritize assessing whether your instances are reachable by unauthorized users or exposed beyond strictly controlled internal network segments.

What are the first steps to address this CVE?

Begin by identifying all running instances of Oracle E-Business Suite that utilize the Universal Work Queue. Once identified, coordinate with your infrastructure and application teams to verify which systems are reachable across your network. Evaluate the business criticality of these instances to prioritize patching or mitigation efforts.
