Remote Code Execution in Oracle Enterprise Manager Base Platform
CVE-2026-46872

9CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-46872?

A vulnerability exists in the Oracle Enterprise Manager Base Platform that allows privileged attackers with network access via HTTPS to exploit critical system components. Affected versions 13.5 and 24.1 are susceptible to unauthorized creation, deletion, and modification of critical data. Furthermore, the flaw permits unauthorized read access to sensitive information and could lead to denial of service conditions, including frequent crashes of Oracle Enterprise Manager services. This vulnerability has wide-reaching implications that may affect other Oracle products within the ecosystem.

Affected Version(s)

Oracle Enterprise Manager Base Platform 13.5

Oracle Enterprise Manager Base Platform 24.1

References

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.