What is GHSA-mcf7-2r26-r689?

GHSA-mcf7-2r26-r689 is a security advisory published by GitHub Security Advisories with Critical severity. Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal...

Which CVE IDs does GHSA-mcf7-2r26-r689 cover?

GHSA-mcf7-2r26-r689 covers the following CVE IDs: CVE-2026-46822. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-mcf7-2r26-r689?

GHSA-mcf7-2r26-r689 has a CVSS v3 base score of 9.9, published by GitHub Security Advisories.

GHSA-mcf7-2r26-r689CriticalCVSS 9.9

Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal...

Vendor

GitHub Security Advisories

Published

May 28, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-46822 →

📋 Description

Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iAssets. While the vulnerability is in Oracle iAssets, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle iAssets. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-46822
https://www.oracle.com/security-alerts/cspumay2026.html
https://github.com/advisories/GHSA-mcf7-2r26-r689