PatchSiren cyber security CVE debrief
CVE-2026-46886 Oracle Corporation CVE debrief
The CVE record for CVE-2026-46886 was published on 2026-06-17T10:54:06.287Z and has not been modified since then. The NVD entry is currently Analyzed. This vulnerability affects Siebel Apps - Marketing, part of Oracle Siebel CRM, with versions 17.0-26.5 being vulnerable. A low-privileged attacker with network access via HTTP can compromise Siebel Apps - Marketing, potentially leading to a takeover. The CVSS 3.1 Base Score is 8.8, indicating high severity. Security teams and administrators responsible for Siebel Apps - Marketing should prioritize patching this vulnerability to prevent potential takeover.
- Vendor
- Oracle Corporation
- Product
- Siebel Apps - Marketing
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Security teams and administrators responsible for Siebel Apps - Marketing should prioritize patching this vulnerability to prevent potential takeover. This includes teams managing Siebel Apps - Marketing deployments, security teams monitoring for potential exploits, and administrators responsible for applying patches and updates.
Technical summary
CVE-2026-46886 is a vulnerability in Siebel Apps - Marketing, part of Oracle Siebel CRM. The vulnerability affects versions 17.0-26.5 and allows a low-privileged attacker with network access via HTTP to compromise Siebel Apps - Marketing, potentially leading to a takeover. The CVSS 3.1 Base Score is 8.8, indicating high severity. This vulnerability can be exploited easily, and successful attacks can result in takeover of Siebel Apps - Marketing.
Defensive priority
High priority due to high CVSS score and potential for takeover.
Recommended defensive actions
- Apply patches or updates provided by Oracle Corporation
- Restrict network access to Siebel Apps - Marketing
- Monitor for suspicious activity
- Review and update access controls
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
Evidence notes
The CVE record and NVD entry provide details on the vulnerability. Oracle Corporation has released a vendor advisory (https://www.oracle.com/security-alerts/cspujun2026.html) with mitigation information. The vulnerability affects Siebel Apps - Marketing, part of Oracle Siebel CRM, with versions 17.0-26.5 being vulnerable. A low-privileged attacker with network access via HTTP can compromise Siebel Apps - Marketing, potentially leading to a takeover.
Official resources
-
CVE-2026-46886 CVE record
CVE.org
-
CVE-2026-46886 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:06.287Z and has not been modified since then.