PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46792 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle Fusion Middleware's Identity Manager Connector, specifically in the Generic Unix Connector component. The vulnerability, tracked as CVE-2026-46792, has a CVSS score of 9.9 and can be easily exploited by a low-privileged attacker with network access via HTTP. This could potentially lead to a takeover of the Identity Manager Connector, which may significantly impact additional products. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. Organizations should prioritize patching this vulnerability to prevent potential attacks.

Vendor
Oracle Corporation
Product
Identity Manager Connector
CVSS
CRITICAL 9.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Organizations using Oracle Fusion Middleware's Identity Manager Connector versions 12.2.1.4.0 and 14.1.2.1.0 should prioritize patching this vulnerability to prevent potential attacks. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact and implement necessary mitigations.

Technical summary

The vulnerability is located in the Generic Unix Connector component of Identity Manager Connector in Oracle Fusion Middleware. It allows an attacker to compromise the Identity Manager Connector, which could have a significant impact on additional products. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. This vulnerability can be easily exploited by a low-privileged attacker with network access via HTTP. Successful attacks can result in takeover of Identity Manager Connector. Organizations using Oracle Fusion Middleware's Identity Manager Connector versions 12.2.1.4.0 and 14.1.2.1.0 should prioritize patching this vulnerability to prevent potential attacks.

Defensive priority

High

Recommended defensive actions

  • Apply the patch provided by Oracle Corporation
  • Restrict network access to the Identity Manager Connector
  • Monitor for suspicious activity
  • Review and update access controls
  • Perform a thorough review of the affected product deployments
  • Verify the integrity of the Identity Manager Connector
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-06-17T10:53:56.800Z and last modified on 2026-06-17T21:36:51.377Z. The NVD entry is currently Analyzed. This information is based on the supplied source corpus and may not reflect the full scope of the vulnerability. Defenders should verify the affected product deployments and review the official advisory for further details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:56.800Z and has not been modified since then. The NVD entry is currently Analyzed.