PatchSiren cyber security CVE debrief
CVE-2026-46866 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in Oracle Enterprise Manager Base Platform, affecting versions 13.5 and 24.1. This vulnerability, tracked as CVE-2026-46866, allows unauthenticated attackers with network access via HTTPS to compromise the platform. Successful attacks can result in a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform and unauthorized update, insert or delete access to some accessible data. The CVSS 3.1 Base Score is 8.2, indicating a high severity level. Organizations using Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 should prioritize patching this vulnerability to prevent potential exploitation. The vulnerability is an easily exploitable issue in the Agent Next Gen component of Oracle Enterprise Manager Base Platform.
- Vendor
- Oracle Corporation
- Product
- Oracle Enterprise Manager Base Platform
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Organizations using Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 should prioritize patching this vulnerability to prevent potential exploitation. Security teams and administrators responsible for Oracle Enterprise Manager Base Platform deployments should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance. Vulnerability management teams should plan vendor-supported updates or mitigations through normal change control where exposure is confirmed. Asset inventory and security teams should track exceptions, retest remediated assets, and close the item only after evidence is documented.
Technical summary
The vulnerability, tracked as CVE-2026-46866, is an easily exploitable issue in the Agent Next Gen component of Oracle Enterprise Manager Base Platform. It allows unauthenticated attackers with network access via HTTPS to compromise the platform. Successful attacks can result in a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform and unauthorized update, insert or delete access to some accessible data. The CVSS 3.1 Base Score is 8.2, indicating a high severity level. The vulnerability affects Oracle Enterprise Manager Base Platform versions 13.5 and 24.1.
Defensive priority
High
Recommended defensive actions
- Apply the vendor-provided patch as soon as possible
- Review and update network access controls to limit exposure
- Monitor Oracle Enterprise Manager Base Platform for unusual activity
- Consider implementing additional security measures such as Web Application Firewalls
- Verify and update inventory of affected systems
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-06-17T10:54:04.270Z and was last modified on 2026-06-17T15:16:55.557Z. The NVD entry is currently Modified. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. The CVSS 3.1 Base Score is 8.2, indicating a high severity level. The vulnerability allows unauthenticated attackers with network access via HTTPS to compromise the platform, potentially causing a hang or crash and allowing unauthorized data updates. Evidence of exploitation is not currently available, but defenders should verify system logs for unusual activity and monitor for indicators of compromise.
Official resources
-
CVE-2026-46866 CVE record
CVE.org
-
CVE-2026-46866 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:04.270Z and has not been modified since then. The NVD entry is currently Modified.