CVE-2026-46920: Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. in Oracle Corporation Siebel CRM Cloud Applications
CVE-2026-46920 is a high-severity vulnerability in Oracle Siebel CRM Cloud Applications (Siebel Cloud Manager component) affecting version 17.0. It allows an unauthenticated attacker with network access via HTTP to potentially compromise the application, leading to full takeover. The vulnerability has a CVSS 3.1 base score of 8.1, indicating high impact on confidentiality, integrity, and availability. Oracle has published a Critical Security Patch Update advisory recommending prompt patching. No explicit patch version is stated for Siebel CRM Cloud Applications in the advisory, but Oracle strongly urges applying the June 2026 Critical Security Patch Update to mitigate this and other vulnerabilities. Mitigations include applying the security patches as soon as possible and potentially blocking network protocols required by the attack, though this may affect functionality.
AI Analysis
Technical Summary
CVE-2026-46920 is a vulnerability in Oracle Siebel CRM Cloud Applications, specifically the Siebel Cloud Manager component, affecting version 17.0. The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise the application, potentially resulting in full takeover. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates network attack vector with high attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Oracle's June 2026 Critical Security Patch Update advisory includes this vulnerability among 245 fixes across multiple products. While the advisory does not explicitly state a fixed version or patch for Siebel CRM Cloud Applications, Oracle strongly recommends applying the Critical Security Patch Update promptly to address this and other vulnerabilities. Workarounds may include blocking network protocols required by the attack or restricting privileges, but these may disrupt application functionality.
Potential Impact
Successful exploitation of CVE-2026-46920 can lead to complete compromise of Oracle Siebel CRM Cloud Applications, impacting confidentiality, integrity, and availability of the system. An unauthenticated attacker with network access via HTTP could take over the application, potentially leading to unauthorized data access, modification, or service disruption.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to remediate this vulnerability. Until patches are applied, risk may be reduced by blocking network protocols required by the attack or removing unnecessary privileges from users, though these mitigations may affect application functionality. Patch status is not explicitly confirmed for Siebel CRM Cloud Applications in the advisory; therefore, customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest patch availability and installation instructions.
CVE-2026-46920: Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. in Oracle Corporation Siebel CRM Cloud Applications
Description
CVE-2026-46920 is a high-severity vulnerability in Oracle Siebel CRM Cloud Applications (Siebel Cloud Manager component) affecting version 17.0. It allows an unauthenticated attacker with network access via HTTP to potentially compromise the application, leading to full takeover. The vulnerability has a CVSS 3.1 base score of 8.1, indicating high impact on confidentiality, integrity, and availability. Oracle has published a Critical Security Patch Update advisory recommending prompt patching. No explicit patch version is stated for Siebel CRM Cloud Applications in the advisory, but Oracle strongly urges applying the June 2026 Critical Security Patch Update to mitigate this and other vulnerabilities. Mitigations include applying the security patches as soon as possible and potentially blocking network protocols required by the attack, though this may affect functionality.
CVSS v3.1
Score 8.1high
Affected software
pkg:maven/com.oracle/siebel-crm-cloud-applicationsRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46920 is a vulnerability in Oracle Siebel CRM Cloud Applications, specifically the Siebel Cloud Manager component, affecting version 17.0. The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise the application, potentially resulting in full takeover. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates network attack vector with high attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Oracle's June 2026 Critical Security Patch Update advisory includes this vulnerability among 245 fixes across multiple products. While the advisory does not explicitly state a fixed version or patch for Siebel CRM Cloud Applications, Oracle strongly recommends applying the Critical Security Patch Update promptly to address this and other vulnerabilities. Workarounds may include blocking network protocols required by the attack or restricting privileges, but these may disrupt application functionality.
Potential Impact
Successful exploitation of CVE-2026-46920 can lead to complete compromise of Oracle Siebel CRM Cloud Applications, impacting confidentiality, integrity, and availability of the system. An unauthenticated attacker with network access via HTTP could take over the application, potentially leading to unauthorized data access, modification, or service disruption.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to remediate this vulnerability. Until patches are applied, risk may be reduced by blocking network protocols required by the attack or removing unnecessary privileges from users, though these mitigations may affect application functionality. Patch status is not explicitly confirmed for Siebel CRM Cloud Applications in the advisory; therefore, customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest patch availability and installation instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.311Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b62a0b89be6888265ff8
Added to database: 6/16/2026, 8:46:34 PM
Last enriched: 6/16/2026, 9:30:41 PM
Last updated: 6/17/2026, 4:29:13 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.