CVE-2026-46832: Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. in Oracle Corporation Oracle Enterprise Manager Base Platform
CVE-2026-46832 is a critical vulnerability in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It allows a low privileged attacker with network access via HTTPS to compromise the platform, potentially leading to full takeover. The vulnerability also has scope to impact additional Oracle products. It has a CVSS 3.1 base score of 9.9, indicating high confidentiality, integrity, and availability impacts. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory. No explicit patch or fix version is stated in the advisory content, but Oracle strongly recommends applying the Critical Security Patch Update promptly. Mitigations include blocking required network protocols and removing unnecessary privileges until patches are applied. No known exploits in the wild have been reported yet.
AI Analysis
Technical Summary
CVE-2026-46832 is a vulnerability in the Discovery Framework component of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It allows an attacker with low privileges and network access via HTTPS to compromise the platform, potentially leading to full system takeover. The vulnerability affects confidentiality, integrity, and availability with a CVSS 3.1 score of 9.9 and has a scope change that may impact additional Oracle products. Oracle has published this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly detailed a specific patch version in the provided content. Oracle strongly advises applying the Critical Security Patch Update to mitigate this risk. Temporary mitigations include blocking attack-related network protocols and restricting privileges for users who do not require them.
Potential Impact
Successful exploitation of CVE-2026-46832 can lead to complete compromise of the Oracle Enterprise Manager Base Platform, affecting confidentiality, integrity, and availability. The vulnerability also has the potential to impact additional Oracle products beyond the base platform due to scope change. This could result in unauthorized access, data breaches, and disruption of services managed by the platform.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to remediate this vulnerability. Until patches are applied, risk can be reduced by blocking network protocols required by the attack and removing unnecessary privileges from users who do not need them. These mitigations may impact application functionality and should be applied cautiously. Patch status is not explicitly confirmed in the advisory content; therefore, customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest patch availability and installation instructions.
CVE-2026-46832: Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. in Oracle Corporation Oracle Enterprise Manager Base Platform
Description
CVE-2026-46832 is a critical vulnerability in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It allows a low privileged attacker with network access via HTTPS to compromise the platform, potentially leading to full takeover. The vulnerability also has scope to impact additional Oracle products. It has a CVSS 3.1 base score of 9.9, indicating high confidentiality, integrity, and availability impacts. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory. No explicit patch or fix version is stated in the advisory content, but Oracle strongly recommends applying the Critical Security Patch Update promptly. Mitigations include blocking required network protocols and removing unnecessary privileges until patches are applied. No known exploits in the wild have been reported yet.
CVSS v3.1
Score 9.9critical
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46832 is a vulnerability in the Discovery Framework component of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It allows an attacker with low privileges and network access via HTTPS to compromise the platform, potentially leading to full system takeover. The vulnerability affects confidentiality, integrity, and availability with a CVSS 3.1 score of 9.9 and has a scope change that may impact additional Oracle products. Oracle has published this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly detailed a specific patch version in the provided content. Oracle strongly advises applying the Critical Security Patch Update to mitigate this risk. Temporary mitigations include blocking attack-related network protocols and restricting privileges for users who do not require them.
Potential Impact
Successful exploitation of CVE-2026-46832 can lead to complete compromise of the Oracle Enterprise Manager Base Platform, affecting confidentiality, integrity, and availability. The vulnerability also has the potential to impact additional Oracle products beyond the base platform due to scope change. This could result in unauthorized access, data breaches, and disruption of services managed by the platform.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to remediate this vulnerability. Until patches are applied, risk can be reduced by blocking network protocols required by the attack and removing unnecessary privileges from users who do not need them. These mitigations may impact application functionality and should be applied cautiously. Patch status is not explicitly confirmed in the advisory content; therefore, customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest patch availability and installation instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.305Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b6160b89be68882659d0
Added to database: 6/16/2026, 8:46:14 PM
Last enriched: 6/16/2026, 11:01:27 PM
Last updated: 6/17/2026, 5:01:02 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.