medium advisory

CVE-2026-46834 - Oracle Database Server Net Service Denial of Service

CVE-2026-46834 is a vulnerability in the Net Service component of Oracle Database Server versions 23.4.0 to 23.26.2 that allows an unauthenticated attacker with network access via TLS to cause a denial-of-service (DoS) condition.

CVE-2026-46834 affects the Net Service component of Oracle Database Server, versions 23.4.0 to 23.26.2. It is easily exploitable by an unauthenticated attacker who has network access via TLS. A successful exploit results in a complete denial-of-service (DoS) condition in which the Net Service hangs or crashes repeatedly. This vulnerability poses a significant threat to the availability of Oracle Database Servers in affected environments.

Attack Chain

  1. Attacker establishes a TLS connection to the Oracle Database Server’s Net Service.
  2. The attacker sends a malformed request to the Net Service via the established TLS connection.
  3. The malformed request triggers a vulnerability in the Net Service component.
  4. The Net Service attempts to process the malformed request, leading to an error.
  5. Due to the error, the Net Service enters a hung state or crashes.
  6. If the Net Service crashes, it may attempt to restart, but the attacker can continue sending malformed requests to prevent it from becoming available.
  7. The repeated crashing or hanging of the Net Service leads to a denial-of-service condition for legitimate users.

Impact

Successful exploitation of CVE-2026-46834 leads to a denial-of-service condition, making the Oracle Database Server unavailable. This can disrupt critical business operations that depend on the database. The vulnerability is easily exploitable by unauthenticated attackers with network access, increasing the risk of widespread exploitation. The impact is primarily focused on availability.

Recommendation

  • Deploy the Sigma rule "Detect CVE-2026-46834 Exploitation Attempt — Malformed TLS Handshake" to detect potential exploitation attempts based on malformed TLS requests.
  • Apply the security patch provided by Oracle for CVE-2026-46834 on all affected Oracle Database Server instances to remediate the vulnerability.
  • Monitor network traffic to Oracle Database Servers for suspicious TLS connections and malformed requests, using network connection logs.

Detection coverage (2 rules)

Detect CVE-2026-46834 Exploitation Attempt — Malformed TLS Handshake

medium

Detects CVE-2026-46834 exploitation attempt by monitoring for malformed TLS handshakes.

sigma; tactics: availability, cve-2026-46834; techniques: T1498; sources: network_connection, windows

Detect CVE-2026-46834 Exploitation Attempt — Repeated Connection Reset

medium

Detects CVE-2026-46834 exploitation attempt by monitoring for a high rate of connection resets from a single source IP to the Oracle Database Server port, which may indicate an attempt to crash the service.

sigma; tactics: availability, cve-2026-46834; techniques: T1498; sources: network_connection, windows
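
The repeated-connection-reset logic described above, as an added example that is not the platform's Sigma rule: a sliding-window count of resets per source IP over constructed connection records. The record layout, the listener port 2484, the threshold of 5 and the 60-second window are assumptions to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample records: timestamp, source IP, destination port, state.
# The layout and the RST/EST labels are assumptions, not a product's log format.
SAMPLE_LOG = """\
2026-01-10T12:00:01 198.51.100.7 2484 RST
2026-01-10T12:00:05 192.0.2.15 2484 EST
2026-01-10T12:00:09 198.51.100.7 2484 RST
2026-01-10T12:00:17 198.51.100.7 2484 RST
2026-01-10T12:00:20 203.0.113.20 2484 RST
2026-01-10T12:00:26 198.51.100.7 2484 RST
2026-01-10T12:00:33 198.51.100.7 2484 RST
2026-01-10T12:03:20 203.0.113.20 2484 RST
2026-01-10T12:06:20 203.0.113.20 2484 RST
2026-01-10T12:09:20 203.0.113.20 2484 RST
2026-01-10T12:12:20 203.0.113.20 2484 RST
"""


def reset_bursts(lines, db_port=2484, threshold=5, window_s=60):
    """Map each source IP to the time its reset count to db_port first
    reached `threshold` within a sliding window of `window_s` seconds.
    Records are assumed to arrive in time order."""
    recent = defaultdict(deque)  # source IP -> reset timestamps still in window
    alerts = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        ts, src, dport, state = fields
        if dport != str(db_port) or state != "RST":
            continue  # only resets aimed at the database listener count
        now = datetime.fromisoformat(ts)
        seen = recent[src]
        seen.append(now)
        # Drop resets that have aged out of the window.
        while (now - seen[0]).total_seconds() > window_s:
            seen.popleft()
        if len(seen) >= threshold and src not in alerts:
            alerts[src] = now
    return alerts


if __name__ == "__main__":
    for src, when in reset_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{when.isoformat()} reset burst from {src}")
```

A source that resets slowly (203.0.113.20 in the sample) stays under the default window, so the window length sets how patient a sender has to be to avoid the alert.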
