CVE-2026-46868 is a vulnerability in the Extensibility Framework component of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It is exploitable by a high privileged attacker with network access over HTTPS and can lead to full compromise of the platform. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. Oracle has addressed this vulnerability in its June 2026 Critical Security Patch Update, which includes 245 security patches across various Oracle products. The vendor advisory emphasizes the importance of applying patches without delay and suggests possible temporary mitigations such as blocking network protocols or removing unnecessary privileges, though these may affect application functionality.

Successful exploitation allows a high privileged attacker with network access via HTTPS to fully compromise the Oracle Enterprise Manager Base Platform, impacting confidentiality, integrity, and availability of the system. This can lead to complete takeover of the platform, posing significant operational and security risks.

Oracle has released patches for this vulnerability as part of the June 2026 Critical Security Patch Update. Customers are strongly advised to apply these security patches promptly to mitigate the risk. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation or by removing unnecessary privileges from users, though these measures may disrupt normal application functionality. Oracle recommends staying on actively supported versions and applying patches without delay.