PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46886 Oracle Corporation CVE debrief

The CVE record for CVE-2026-46886 was published on 2026-06-17T10:54:06.287Z and has not been modified since then. The NVD entry is currently Analyzed. This vulnerability affects Siebel Apps - Marketing, part of Oracle Siebel CRM, with versions 17.0-26.5 being vulnerable. A low-privileged attacker with network access via HTTP can compromise Siebel Apps - Marketing, potentially leading to a takeover. The CVSS 3.1 Base Score is 8.8, indicating high severity. Security teams and administrators responsible for Siebel Apps - Marketing should prioritize patching this vulnerability to prevent potential takeover.

Vendor
Oracle Corporation
Product
Siebel Apps - Marketing
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Security teams and administrators responsible for Siebel Apps - Marketing should prioritize patching this vulnerability to prevent potential takeover. This includes teams managing Siebel Apps - Marketing deployments, security teams monitoring for potential exploits, and administrators responsible for applying patches and updates.

Technical summary

CVE-2026-46886 is a vulnerability in Siebel Apps - Marketing, part of Oracle Siebel CRM. The vulnerability affects versions 17.0-26.5 and allows a low-privileged attacker with network access via HTTP to compromise Siebel Apps - Marketing, potentially leading to a takeover. The CVSS 3.1 Base Score is 8.8, indicating high severity. This vulnerability can be exploited easily, and successful attacks can result in takeover of Siebel Apps - Marketing.

Defensive priority

High priority due to high CVSS score and potential for takeover.

Recommended defensive actions

  • Apply patches or updates provided by Oracle Corporation
  • Restrict network access to Siebel Apps - Marketing
  • Monitor for suspicious activity
  • Review and update access controls
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.

Evidence notes

The CVE record and NVD entry provide details on the vulnerability. Oracle Corporation has released a vendor advisory (https://www.oracle.com/security-alerts/cspujun2026.html) with mitigation information. The vulnerability affects Siebel Apps - Marketing, part of Oracle Siebel CRM, with versions 17.0-26.5 being vulnerable. A low-privileged attacker with network access via HTTP can compromise Siebel Apps - Marketing, potentially leading to a takeover.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:06.287Z and has not been modified since then.