PatchSiren cyber security CVE debrief
CVE-2026-46852 Oracle Corporation CVE debrief
A critical vulnerability, CVE-2026-46852, with a CVSS score of 9.9, was discovered in the Metadata Plugin component of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. This vulnerability can be easily exploited by a low-privileged attacker with network access via HTTPS, potentially leading to a takeover of the platform. The vulnerability has a significant impact and can affect additional products. Organizations should prioritize patching this vulnerability to prevent potential attacks. The CVE record and NVD entry provide further details about the vulnerability.
- Vendor
- Oracle Corporation
- Product
- Oracle Enterprise Manager Base Platform
- CVSS
- CRITICAL 9.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 should prioritize patching this vulnerability to prevent potential attacks. The vulnerability has a significant impact and can affect additional products. Security teams and administrators responsible for Oracle Enterprise Manager Base Platform should take immediate action to patch the vulnerability.
Technical summary
The vulnerability, CVE-2026-46852, is located in the Metadata Plugin component of Oracle Enterprise Manager Base Platform. It allows an attacker to compromise the platform, and successful attacks can result in a takeover. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The vulnerability affects versions 13.5 and 24.1 of Oracle Enterprise Manager Base Platform. The CVSS score of 9.9 indicates a critical vulnerability.
Defensive priority
High
Recommended defensive actions
- Apply the patch from Oracle as soon as possible
- Restrict network access to the Oracle Enterprise Manager Base Platform
- Monitor for suspicious activity
- Review and update access controls
- Consider implementing additional security measures
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T10:54:02.803Z and was last modified on 2026-06-18T04:16:49.120Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. The CVSS score is 9.9, indicating a critical vulnerability. The vulnerability is located in the Metadata Plugin component. The CVE record and NVD entry provide additional context and details about the vulnerability.
Official resources
-
CVE-2026-46852 CVE record
CVE.org
-
CVE-2026-46852 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:02.803Z and has not been modified since then. The NVD entry is currently Analyzed.