Zero Day MonitorZDM

← Back to list

9.0

CVE-2026-46833PATCHED

oracle · database_server

CVE-2026-46833: Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-2

Description

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. While the vulnerability is in Net Service, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Net Service. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Affected Products

Vendor	Product	Versions
oracle	database_server	23.4.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
oracle	database	cert_advisory	90%

References

https://www.oracle.com/security-alerts/cspumay2026.html(vendor-advisory)

Related News (5 articles)

Tier B

CERT-FR12d ago

Bulletin d'actualité CERTFR-2026-ACT-024 (01 juin 2026)

→ No new info (linked only)

Tier B

BSI Advisories15d ago

[NEU] [hoch] Oracle Database Server: Mehrere Schwachstellen

→ No new info (linked only)

Tier D

Heise Security15d ago

Oracle CSPU: 35 Sicherheitsupdates im Mai

→ No new info (linked only)

Tier B

CERT-FR15d ago

Multiples vulnérabilités dans Oracle Database Server (29 mai 2026)

→ No new info (linked only)

Tier C

VulDB15d ago

CVE-2026-46833 | Oracle Database Server up to 23.26.2 Net Service Remote Code Execution

→ No new info (linked only)

CVSS 3.19.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://www.oracle.com/security-alerts/cspumay2026.html

PublishedMay 28, 2026

Last enriched15d agov2

Tags

remote code execution

Trending Score16

Source articles5

Independent4

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-35273EXPKEV

CVE-2026-35273: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana

HIGHCVE-2026-22016

CVE-2026-22016: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE

MEDIUMCVE-2026-22021

CVE-2026-22021: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE

MEDIUMCVE-2026-22013EXP

CVE-2026-22013: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE

LOWCVE-2026-22018EXP

CVE-2026-22018: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 28, 2026

Discovered by ZDM

May 28, 2026

Updated: affectedVersions, tags

May 28, 2026

Patch Available

May 29, 2026

Version History

v2

Last enriched 15d ago

v2Tier C15d ago

Updated affected versions to include 23.26.2, marked exploit availability as false, and added a new tag for remote code execution.

affectedVersionstags

via VulDB

v115d ago

Initial creation