CVE-2026-46926: Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. in Oracle Corporation Siebel CRM Cloud Applications
CVE-2026-46926 is a high-severity vulnerability in Oracle's Siebel CRM Cloud Applications (component: Siebel Cloud Manager) affecting version 17.0. It allows a low privileged attacker with logon access to the infrastructure to fully compromise the Siebel CRM Cloud Applications, potentially impacting additional products. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high confidentiality, integrity, and availability impacts. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated a specific patch for this product version in the advisory content provided. Oracle strongly recommends applying Critical Security Patch Update patches promptly to mitigate risks. Until patches are applied, risk reduction may be possible by restricting network protocols required for exploitation and limiting user privileges, though these mitigations may affect application functionality.
AI Analysis
Technical Summary
CVE-2026-46926 is a vulnerability in Oracle Siebel CRM Cloud Applications, specifically in the Siebel Cloud Manager component, affecting version 17.0. It allows a low privileged attacker with logon access to the infrastructure hosting the application to compromise the Siebel CRM Cloud Applications, potentially leading to full takeover. The vulnerability also has scope change implications, potentially impacting other products. The CVSS 3.1 score is 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting high impact on confidentiality, integrity, and availability. The vulnerability is included in Oracle's June 2026 Critical Security Patch Update advisory, which contains multiple patches across Oracle products. However, the advisory content does not explicitly confirm the availability of a patch or fix specifically for Siebel CRM Cloud Applications version 17.0. Oracle recommends applying patches promptly and considering mitigations such as blocking required network protocols and removing unnecessary privileges until patches are applied.
Potential Impact
Successful exploitation of this vulnerability can result in complete takeover of the Siebel CRM Cloud Applications, with high impact on confidentiality, integrity, and availability of the affected system. The vulnerability also has a scope change, meaning attacks may significantly affect additional Oracle products beyond Siebel CRM Cloud Applications. The attacker requires low privileges and logon access to the infrastructure, making it easily exploitable under those conditions.
Mitigation Recommendations
Oracle's June 2026 Critical Security Patch Update advisory includes this vulnerability among many others and strongly recommends that customers apply the available security patches without delay. Although the advisory does not explicitly confirm a specific patch for Siebel CRM Cloud Applications version 17.0, applying the June 2026 Critical Security Patch Update is advised. Until patches are applied, risk can be reduced by blocking network protocols required for exploitation and removing unnecessary privileges or access to packages from users who do not need them. These mitigations may impact application functionality, so they should be applied cautiously. Customers should monitor Oracle's advisory page for updates on patch availability and installation instructions.
CVE-2026-46926: Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. in Oracle Corporation Siebel CRM Cloud Applications
Description
CVE-2026-46926 is a high-severity vulnerability in Oracle's Siebel CRM Cloud Applications (component: Siebel Cloud Manager) affecting version 17.0. It allows a low privileged attacker with logon access to the infrastructure to fully compromise the Siebel CRM Cloud Applications, potentially impacting additional products. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high confidentiality, integrity, and availability impacts. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated a specific patch for this product version in the advisory content provided. Oracle strongly recommends applying Critical Security Patch Update patches promptly to mitigate risks. Until patches are applied, risk reduction may be possible by restricting network protocols required for exploitation and limiting user privileges, though these mitigations may affect application functionality.
CVSS v3.1
Score 8.8high
Affected software
pkg:maven/com.oracle/siebel-crm-cloud-applicationsRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46926 is a vulnerability in Oracle Siebel CRM Cloud Applications, specifically in the Siebel Cloud Manager component, affecting version 17.0. It allows a low privileged attacker with logon access to the infrastructure hosting the application to compromise the Siebel CRM Cloud Applications, potentially leading to full takeover. The vulnerability also has scope change implications, potentially impacting other products. The CVSS 3.1 score is 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting high impact on confidentiality, integrity, and availability. The vulnerability is included in Oracle's June 2026 Critical Security Patch Update advisory, which contains multiple patches across Oracle products. However, the advisory content does not explicitly confirm the availability of a patch or fix specifically for Siebel CRM Cloud Applications version 17.0. Oracle recommends applying patches promptly and considering mitigations such as blocking required network protocols and removing unnecessary privileges until patches are applied.
Potential Impact
Successful exploitation of this vulnerability can result in complete takeover of the Siebel CRM Cloud Applications, with high impact on confidentiality, integrity, and availability of the affected system. The vulnerability also has a scope change, meaning attacks may significantly affect additional Oracle products beyond Siebel CRM Cloud Applications. The attacker requires low privileges and logon access to the infrastructure, making it easily exploitable under those conditions.
Mitigation Recommendations
Oracle's June 2026 Critical Security Patch Update advisory includes this vulnerability among many others and strongly recommends that customers apply the available security patches without delay. Although the advisory does not explicitly confirm a specific patch for Siebel CRM Cloud Applications version 17.0, applying the June 2026 Critical Security Patch Update is advised. Until patches are applied, risk can be reduced by blocking network protocols required for exploitation and removing unnecessary privileges or access to packages from users who do not need them. These mitigations may impact application functionality, so they should be applied cautiously. Customers should monitor Oracle's advisory page for updates on patch availability and installation instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.312Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b62a0b89be6888266004
Added to database: 6/16/2026, 8:46:34 PM
Last enriched: 6/16/2026, 9:17:33 PM
Last updated: 6/17/2026, 4:58:31 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.