CVE-2026-46835 - Oracle Database Server Net Service Denial of Service
CVE-2026-46835 is an easily exploitable vulnerability in Oracle Database Server's Net Service component, affecting versions 23.4.0 to 23.26.2, allowing an unauthenticated attacker with network access via TLS to cause a complete denial-of-service (DoS).
CVE-2026-46835 is a vulnerability within the Net Service component of Oracle Database Server. This flaw affects versions ranging from 23.4.0 to 23.26.2. The vulnerability is classified as easily exploitable, enabling a remote, unauthenticated attacker with network access via TLS to compromise the Net Service. Successful exploitation leads to an unauthorized ability to cause a hang or frequently repeatable crash, resulting in a complete denial of service (DoS). This poses a significant risk to database availability and can disrupt critical business operations. The vulnerability was published on 2026-05-28 and defenders need to apply appropriate patches or mitigations.
Attack Chain
- The attacker establishes a network connection to the Oracle Database Server via TLS.
- The attacker sends a crafted request to the Net Service component.
- The vulnerability within the Net Service processes the malicious request without proper validation.
- The vulnerable code path leads to a hang or crash within the Net Service process.
- The Net Service becomes unavailable, disrupting database connectivity.
- The database server experiences a denial-of-service condition.
Impact
Successful exploitation of CVE-2026-46835 results in a complete denial-of-service condition affecting the Oracle Database Server. This can lead to significant downtime, data unavailability, and disruption of business-critical applications that rely on the database. There is no indication of the number of victims or specific sectors targeted at this time; however, any organization utilizing the affected versions of Oracle Database Server is potentially at risk.
Recommendation
- Apply the security patches provided by Oracle to address CVE-2026-46835 on all affected Oracle Database Server instances to prevent potential denial-of-service attacks.
- Deploy the Sigma rule "Detect CVE-2026-46835 Exploitation Attempt - Malformed TLS Handshake" to identify potential exploitation attempts in network traffic.
- Monitor network traffic for unusual patterns or large volumes of TLS connections to the Oracle Database Server to detect potential DoS attacks.
Detection coverage 2
Detect CVE-2026-46835 Exploitation Attempt - Malformed TLS Handshake
Severity: medium. Detects CVE-2026-46835 exploitation: identifies malformed TLS handshake attempts indicative of a DoS attack against Oracle Database Server.
Detect CVE-2026-46835 Exploitation Attempt - Excessive TLS Connections
Severity: medium. Detects CVE-2026-46835 exploitation: monitors for an unusually high number of TLS connections to the Oracle Database Server from a single source IP, potentially indicating a DoS attack.
Detection queries are available on the platform.
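The "Excessive TLS Connections" idea above can be prototyped as a sliding-window count per source IP. This is an added example, not the platform's Sigma rule or Oracle code; the log format, listener port 2484, window and threshold are assumptions to tune against your own baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LISTENER_PORT = 2484            # assumption: TCPS listener port, check listener.ora
WINDOW = timedelta(seconds=10)  # assumption: sliding window length
THRESHOLD = 5                   # assumption: connections per window treated as normal

def build_sample_log():
    """Constructed records: '<ISO time> <src_ip> <dst_ip>:<dst_port> <proto>'."""
    base = datetime(2026, 6, 1, 12, 0, 0)
    rows = [(base + timedelta(seconds=i), "198.51.100.7", 2484) for i in range(8)]
    rows += [(base + timedelta(seconds=30 * i), "192.0.2.10", 2484) for i in range(3)]
    rows += [(base + timedelta(seconds=i), "192.0.2.44", 443) for i in range(8)]
    rows.sort()  # the detector expects time-ordered input
    lines = [f"{t.isoformat()} {s} 10.0.0.5:{p} tls" for t, s, p in rows]
    return "\n".join(lines) + "\nnot a record"

def parse(line):
    ts, src, dst, proto = line.split()
    _host, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, int(port), proto

def excessive_tls_sources(log_text, port=LISTENER_PORT, window=WINDOW,
                          threshold=THRESHOLD):
    """Return {src_ip: peak count} for sources exceeding threshold in any window."""
    recent = defaultdict(deque)  # src_ip -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        try:
            ts, src, dport, proto = parse(line)
        except ValueError:
            continue  # skip blank or malformed records
        if dport != port or proto != "tls":
            continue  # only TLS connections to the database listener
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop connections that fell out of the window
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

if __name__ == "__main__":
    for src, count in excessive_tls_sources(build_sample_log()).items():
        print(f"ALERT {src}: {count} TLS connections within {WINDOW}")
```

Connection pools and application servers legitimately open bursts of sessions, so allow-list known middle-tier addresses before alerting on the result.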