CVE-2026-46865: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. in Oracle Corporation Orac
CVE-2026-46865 is a high-severity vulnerability in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It allows a high privileged attacker with logon access to the infrastructure hosting the platform to compromise it, potentially leading to full takeover. The vulnerability impacts confidentiality, integrity, and availability, and may also affect additional Oracle products. Oracle has released a Critical Security Patch Update advisory recommending prompt patch application. No explicit patch version or temporary fix is stated in the advisory, but Oracle strongly urges applying the June 2026 Critical Security Patch Update to mitigate risks.
AI Analysis
Technical Summary
This vulnerability exists in the Extensibility Framework component of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It is easily exploitable by an attacker with high privileges and logon access to the infrastructure where the platform runs. Successful exploitation can lead to complete compromise of the Oracle Enterprise Manager Base Platform and may have broader impact on other Oracle products (scope change). The CVSS 3.1 base score is 8.2, indicating high severity with impacts on confidentiality, integrity, and availability. Oracle’s June 2026 Critical Security Patch Update advisory addresses this and numerous other vulnerabilities, recommending customers apply patches promptly. The advisory does not explicitly confirm the patch status for this specific CVE but strongly advises applying the update to mitigate the threat.
Potential Impact
A successful exploit of CVE-2026-46865 can result in full takeover of the Oracle Enterprise Manager Base Platform, compromising confidentiality, integrity, and availability of the platform. Due to scope change, additional Oracle products integrated or managed by the platform may also be significantly impacted. The vulnerability requires high privileges and logon access to the infrastructure, limiting the attack vector to insiders or attackers who have already gained elevated access.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update, which includes security patches addressing this vulnerability. Until patches are applied, risk may be reduced by restricting privileges and access to necessary packages only to authorized users, and by blocking network protocols required for exploitation, though these measures may impact functionality. No official patch version is explicitly stated for this CVE, so customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for detailed patch availability and installation instructions. Patch status is not yet confirmed explicitly for this CVE; check the vendor advisory for current remediation guidance.
CVE-2026-46865: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. in Oracle Corporation Orac
Description
CVE-2026-46865 is a high-severity vulnerability in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It allows a high privileged attacker with logon access to the infrastructure hosting the platform to compromise it, potentially leading to full takeover. The vulnerability impacts confidentiality, integrity, and availability, and may also affect additional Oracle products. Oracle has released a Critical Security Patch Update advisory recommending prompt patch application. No explicit patch version or temporary fix is stated in the advisory, but Oracle strongly urges applying the June 2026 Critical Security Patch Update to mitigate risks.
CVSS v3.1
Score 8.2high
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in the Extensibility Framework component of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It is easily exploitable by an attacker with high privileges and logon access to the infrastructure where the platform runs. Successful exploitation can lead to complete compromise of the Oracle Enterprise Manager Base Platform and may have broader impact on other Oracle products (scope change). The CVSS 3.1 base score is 8.2, indicating high severity with impacts on confidentiality, integrity, and availability. Oracle’s June 2026 Critical Security Patch Update advisory addresses this and numerous other vulnerabilities, recommending customers apply patches promptly. The advisory does not explicitly confirm the patch status for this specific CVE but strongly advises applying the update to mitigate the threat.
Potential Impact
A successful exploit of CVE-2026-46865 can result in full takeover of the Oracle Enterprise Manager Base Platform, compromising confidentiality, integrity, and availability of the platform. Due to scope change, additional Oracle products integrated or managed by the platform may also be significantly impacted. The vulnerability requires high privileges and logon access to the infrastructure, limiting the attack vector to insiders or attackers who have already gained elevated access.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update, which includes security patches addressing this vulnerability. Until patches are applied, risk may be reduced by restricting privileges and access to necessary packages only to authorized users, and by blocking network protocols required for exploitation, though these measures may impact functionality. No official patch version is explicitly stated for this CVE, so customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for detailed patch availability and installation instructions. Patch status is not yet confirmed explicitly for this CVE; check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.308Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b61b0b89be6888265b51
Added to database: 6/16/2026, 8:46:19 PM
Last enriched: 6/16/2026, 10:00:39 PM
Last updated: 6/17/2026, 5:11:15 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.