PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46901 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle Enterprise Command Center Framework, which could allow an attacker to compromise the system and gain unauthorized access to critical data. The vulnerability, CVE-2026-46901, affects versions V15 and V16 of the product and has a CVSS score of 9.9, indicating a high severity level. The vulnerability allows an attacker with low privileges and network access via HTTP to compromise the system, potentially leading to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Command Center Framework.

Vendor
Oracle Corporation
Product
Oracle Enterprise Command Center Framework
CVSS
CRITICAL 9.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Security teams and administrators responsible for Oracle Enterprise Command Center Framework should be aware of this vulnerability and take immediate action to mitigate it. Affected teams may include those responsible for vulnerability management, incident response, and system administration. Additionally, operators and platform administrators may need to review and implement compensating controls to detect and prevent similar attacks.

Technical summary

The vulnerability, CVE-2026-46901, is a critical issue in Oracle Enterprise Command Center Framework that allows an attacker with low privileges and network access via HTTP to compromise the system. Successful attacks can result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Command Center Framework. The CVSS 3.1 Base Score is 9.9 (Confidentiality, Integrity and Availability impacts). The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).

Defensive priority

High

Recommended defensive actions

  • Apply the vendor-provided patch
  • Restrict network access to Oracle Enterprise Command Center Framework
  • Monitor system logs for suspicious activity
  • Implement compensating controls to detect and prevent similar attacks
  • Conduct regular vulnerability assessments and penetration testing
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-06-17T10:54:07.840Z and was last modified on 2026-06-18T04:16:58.327Z. The NVD entry is currently Analyzed. This information is based on the supplied source corpus and may not reflect the full scope of the vulnerability. Further verification is recommended.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:07.840Z and has not been modified since then. The NVD entry is currently Analyzed.