PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46926 Oracle Corporation CVE debrief

A vulnerability was discovered in Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). The affected versions are 17.0-26.5. This easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. Organizations should prioritize patching this vulnerability.

Vendor
Oracle Corporation
Product
Siebel CRM Cloud Applications
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Siebel CRM Cloud Applications versions 17.0-26.5 should prioritize patching this vulnerability. A low-privileged attacker with logon access to the infrastructure can exploit this vulnerability, potentially leading to a takeover of Siebel CRM Cloud Applications. Operators, platform administrators, vulnerability management teams, and security teams should be aware of the potential impacts and take necessary actions.

Technical summary

The vulnerability has a CVSS 3.1 Base Score of 8.8, indicating a high severity. The CVSS Vector is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), showing that the vulnerability allows for high impacts on Confidentiality, Integrity, and Availability. The vulnerability is in the Siebel Cloud Manager component of Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications.

Defensive priority

High

Recommended defensive actions

  • Apply the patch from Oracle as soon as possible
  • Review and limit logon access to the infrastructure where Siebel CRM Cloud Applications executes
  • Monitor for suspicious activity related to Siebel CRM Cloud Applications
  • Consider implementing compensating controls to mitigate potential impacts
  • Inventory and verify the versions of Siebel CRM Cloud Applications in use
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-06-17T10:54:10.177Z and was last modified on 2026-06-18T22:24:49.060Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager).

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:10.177Z and has not been modified since then. The NVD entry is currently Analyzed.