Network Access Vulnerability in Oracle Enterprise Manager Base Platform
CVE-2026-46866

8.2HIGH

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-46866?

A vulnerability exists in the Oracle Enterprise Manager Base Platform, specifically within the Agent Next Gen component. This vulnerability allows an unauthenticated attacker with network access via HTTPS to potentially exploit the system. Successful exploitation could lead to unauthorized control over the application, enabling an attacker to cause instability, including frequent crashes or complete denial of service (DoS). Additionally, it may grant unauthorized permissions to update, insert, or delete data that is accessible through the platform. This poses significant risks to data integrity and availability.

Affected Version(s)

Oracle Enterprise Manager Base Platform 13.5

Oracle Enterprise Manager Base Platform 24.1

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.