CVE-2026-46888 is a vulnerability in Oracle Siebel CRM Deployment version 17.0 affecting the Database Upgrade component. It permits a low privileged attacker who has logon access to the infrastructure hosting Siebel CRM Deployment to compromise the deployment, potentially resulting in full takeover. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates local attack vector with low attack complexity, requiring low privileges and no user interaction, with high impact on confidentiality, integrity, and availability. The vulnerability is included in Oracle's June 2026 Critical Security Patch Update advisory, which strongly recommends applying patches promptly. However, explicit patch availability or remediation instructions for this specific vulnerability are not detailed in the advisory content provided.

Successful exploitation can lead to complete compromise of the Siebel CRM Deployment, affecting confidentiality, integrity, and availability of the system. The attacker requires only low privileges and local logon access to the infrastructure. There are no known exploits in the wild at this time.

Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to address this and other vulnerabilities. Until patches are applied, risk may be reduced by restricting network protocols required for attack and limiting privileges or package access for users without a need. No specific patch or temporary fix status is confirmed from the advisory content; therefore, customers should consult the Oracle advisory directly for the latest patch availability and installation instructions.