PatchSiren cyber security CVE debrief
CVE-2026-46792 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle Fusion Middleware's Identity Manager Connector, specifically in the Generic Unix Connector component. The vulnerability, tracked as CVE-2026-46792, has a CVSS score of 9.9 and can be easily exploited by a low-privileged attacker with network access via HTTP. This could potentially lead to a takeover of the Identity Manager Connector, which may significantly impact additional products. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. Organizations should prioritize patching this vulnerability to prevent potential attacks.
- Vendor
- Oracle Corporation
- Product
- Identity Manager Connector
- CVSS
- CRITICAL 9.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Organizations using Oracle Fusion Middleware's Identity Manager Connector versions 12.2.1.4.0 and 14.1.2.1.0 should prioritize patching this vulnerability to prevent potential attacks. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact and implement necessary mitigations.
Technical summary
The vulnerability is located in the Generic Unix Connector component of Identity Manager Connector in Oracle Fusion Middleware. It allows an attacker to compromise the Identity Manager Connector, which could have a significant impact on additional products. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. This vulnerability can be easily exploited by a low-privileged attacker with network access via HTTP. Successful attacks can result in takeover of Identity Manager Connector. Organizations using Oracle Fusion Middleware's Identity Manager Connector versions 12.2.1.4.0 and 14.1.2.1.0 should prioritize patching this vulnerability to prevent potential attacks.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Oracle Corporation
- Restrict network access to the Identity Manager Connector
- Monitor for suspicious activity
- Review and update access controls
- Perform a thorough review of the affected product deployments
- Verify the integrity of the Identity Manager Connector
- Track exceptions and retest remediated assets
Evidence notes
The CVE record was published on 2026-06-17T10:53:56.800Z and last modified on 2026-06-17T21:36:51.377Z. The NVD entry is currently Analyzed. This information is based on the supplied source corpus and may not reflect the full scope of the vulnerability. Defenders should verify the affected product deployments and review the official advisory for further details.
Official resources
-
CVE-2026-46792 CVE record
CVE.org
-
CVE-2026-46792 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:56.800Z and has not been modified since then. The NVD entry is currently Analyzed.