PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46865 Oracle Corporation CVE debrief

A high-severity vulnerability was discovered in Oracle Enterprise Manager Base Platform, affecting versions 13.5 and 24.1. The vulnerability, CVE-2026-46865, has a CVSS score of 8.2 and allows high-privileged attackers with logon access to compromise the platform. Successful attacks can result in takeover of Oracle Enterprise Manager Base Platform. This vulnerability is located in the Extensibility Framework component and has a significant impact on affected systems.

Vendor
Oracle Corporation
Product
Oracle Enterprise Manager Base Platform
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 should prioritize patching this vulnerability to prevent potential compromise. This is crucial for operators, platform administrators, and security teams to ensure the security and integrity of their systems. They should assess their exposure, review access controls, and implement compensating controls if necessary.

Technical summary

The vulnerability, CVE-2026-46865, is located in the Extensibility Framework component of Oracle Enterprise Manager Base Platform, affecting versions 13.5 and 24.1. It has a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating a high severity. High-privileged attackers with logon access to the infrastructure can exploit this vulnerability, potentially leading to a takeover of Oracle Enterprise Manager Base Platform. The vulnerability allows attackers to compromise the platform, impacting confidentiality, integrity, and availability.

Defensive priority

High priority should be given to patching this vulnerability due to its high severity and potential impact on affected systems. Organizations should review and update access controls to limit logon access to infrastructure and monitor Oracle Enterprise Manager Base Platform for suspicious activity. Implementing compensating controls to mitigate potential impact is also recommended until patches can be applied.

Recommended defensive actions

  • Apply the patch from Oracle as soon as possible
  • Review and update access controls to limit logon access to infrastructure
  • Monitor Oracle Enterprise Manager Base Platform for suspicious activity
  • Consider implementing compensating controls to mitigate potential impact
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-06-17T10:54:04.170Z and modified on 2026-06-18T04:16:53.200Z. The NVD entry is currently Modified. This information is based on the provided source corpus. Further verification is recommended to confirm the accuracy of this information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:04.170Z and has not been modified since then. The NVD entry is currently Modified.