Denial of Service Vulnerability in Oracle Siebel CRM Deployment
CVE-2026-21926

7.5HIGH

Key Information:

Vendor: Oracle
Status: Siebel Crm Deployment
Vendor: CVE Published:; 20 January 2026

What is CVE-2026-21926?

A vulnerability exists in the Siebel CRM Deployment component of Oracle Siebel CRM that could allow an unauthenticated attacker with network access via TLS to cause service disruptions. This exploit can lead to the systems crashing or becoming unresponsive, resulting in a denial of service condition for affected users. The vulnerability impacts various versions, highlighting the need for timely updating and patching to mitigate the risks associated with such exploits.

Affected Version(s)

Siebel CRM Deployment 17.0 <= 25.2

References

https://www.oracle.com/security-alerts/cpujan2026.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21926 Data

JSON