{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-46769: Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Shared Components)","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-46769","status":"final","version":"1","initial_release_date":"2026-06-16T19:27:14.439Z","current_release_date":"2026-06-16T19:27:14.439Z","revision_history":[{"date":"2026-06-16T19:27:14.439Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Shared Components).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF).  Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-46769 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-46769"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-46769"},{"category":"external","summary":"Oracle Advisory","url":"https://www.oracle.com/security-alerts/cspujun2026.html"}]},"product_tree":{"branches":[{"category":"vendor","name":"Oracle Corporation","branches":[{"category":"product_name","name":"Oracle Application Development Framework (ADF)","branches":[{"category":"product_version","name":"12.2.1.4.0","product":{"name":"Oracle Corporation Oracle Application Development Framework (ADF) 12.2.1.4.0","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:oracle_corporation:oracle_application_development_framework_\\(adf\\):*:*:*:*:*:*:*:*"}}},{"category":"product_version","name":"14.1.2.0.0","product":{"name":"Oracle Corporation Oracle Application Development Framework (ADF) 14.1.2.0.0","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:oracle_corporation:oracle_application_development_framework_\\(adf\\):*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-46769","title":"Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Shared Components)","notes":[{"category":"description","text":"Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Shared Components).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF).  Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1","CSAFPID-2"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH"},"products":["CSAFPID-1","CSAFPID-2"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1","CSAFPID-2"]}]}]}