CRITICAL · CVE-2026-46832 · CNA: oracle

CVE-2026-46832: Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework)

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Metrics

CVSS v3.1: 9.9
Severity: CRITICAL
Fixed in: no fix version published
Affected Products: 1


HarborGuard Analysis

Synopsis

A critical-severity vulnerability in the Discovery Framework component of Oracle Enterprise Manager Base Platform (versions 13.5 and 24.1) allows a low-privileged attacker to reach the product over HTTPS and fully compromise the platform. Successful exploitation gives the attacker complete control over confidentiality, integrity, and availability, and the scope change means the attack can cascade into additional products managed by the platform. No fix version has been published by Oracle at this time; HarborGuard is tracking the advisory and will flag patched rebuild availability the moment upstream ships a fix.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-46832 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle Oracle Enterprise Manager Base Platform components. Any image in a connected registry or CI pipeline running version 13.5 or 24.1 of the affected component is eligible for flagging.

Triage (Available)

Triage is available with the full CVSS 3.1 score of 9.9 (Critical) applied automatically, weighted further by each customer organization's compliance policy to determine severity tier and routing. Findings are directed to the appropriate team inbox within each customer org based on configured ownership rules for the affected workloads.

Patch (Pending upstream)

Because no upstream fix version has been published by Oracle, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available immediately when Oracle releases a remediated version. In the interim, HarborGuard surfaces the finding continuously so teams can apply compensating controls while the advisory remains open.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the Oracle Enterprise Manager Base Platform service over the network via HTTPS (AV:N); no local or adjacent-network access is needed.

  • Authentication: Required

    A low-privilege account is sufficient (PR:L); no administrative or elevated credentials are needed to trigger the vulnerability.

  • Victim interaction: Not required

    No user action or social engineering is needed (UI:N); the attacker can exploit the vulnerability entirely without victim participation.

  • Attack complexity: Low

    Attack complexity is low (AC:L), meaning exploitation is reliable and does not depend on race conditions, specific memory layout, or other variable environmental factors.

Blast Radius

  • A successful attacker gains full read access to all data held by Oracle Enterprise Manager Base Platform, including managed target credentials, configuration data, and monitoring telemetry.
  • The attacker can modify or delete persisted platform data, including discovery configurations, agent registrations, and job schedules.
  • The attacker can crash or render unavailable the Oracle Enterprise Manager Base Platform service and its management functions.
  • Because the CVSS scope is changed, the attacker can pivot into additional Oracle products and managed targets that the platform administers, extending the compromise beyond the initial foothold.

How HarborGuard Handles This

Available on HarborGuard: because Oracle has not yet published a fix for CVE-2026-46832, HarborGuard continuously re-evaluates the advisory on every ingest cycle and will trigger a patched-image rebuild automatically the moment an upstream fix version is published. For customers who opt into auto-remediation, that rebuild will be followed by a regression-test run and a PR opened against affected workloads with no manual intervention required. While the advisory remains unpatched, HarborGuard recommends using network-policy controls to restrict inbound HTTPS access to Oracle Enterprise Manager Base Platform to known, trusted IP ranges, enforcing least-privilege access so no unnecessary low-privilege accounts can reach the Discovery Framework endpoint, and considering egress filtering on the platform host to limit the blast radius if a pivot attempt is made into managed targets. The finding will remain open and visible in each customer environment's dashboard until a patched image is confirmed clean.
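As an added illustration of the compensating controls recommended above (not HarborGuard's or Oracle's own configuration), the following Kubernetes NetworkPolicy allowlists inbound HTTPS to the platform pods from trusted ranges and limits egress from the platform to DNS and the managed-target subnet. The namespace, pod labels, ports and CIDRs are assumed placeholders to be replaced with the deployment's real values.

```yaml
# Added example: compensating network controls for an OEM Base Platform
# deployment while CVE-2026-46832 is unpatched. Namespace, labels, ports
# and CIDRs below are assumptions, not values taken from the advisory.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: oem-base-platform-restrict
  namespace: oem                     # assumed namespace
spec:
  podSelector:
    matchLabels:
      app: oem-base-platform         # assumed pod label
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only trusted administrative ranges may reach the HTTPS endpoint that
    # fronts the Discovery Framework; all other inbound traffic is dropped.
    - from:
        - ipBlock:
            cidr: 10.10.0.0/16       # assumed trusted admin range
        - ipBlock:
            cidr: 192.168.50.0/24    # assumed jump-host range
      ports:
        - protocol: TCP
          port: 443                  # assumed HTTPS port; use the OMS console port
  egress:
    # Limit the blast radius of a pivot: allow DNS resolution and the
    # managed-target subnet on the agent port only; no general outbound access.
    - to:
        - namespaceSelector: {}
          podSelector:
            matchLabels:
              k8s-app: kube-dns      # assumed cluster DNS label
      ports:
        - protocol: UDP
          port: 53
    - to:
        - ipBlock:
            cidr: 10.20.0.0/16       # assumed managed-target subnet
      ports:
        - protocol: TCP
          port: 3872                 # assumed agent listener port
```

The policy only takes effect on clusters whose CNI enforces NetworkPolicy; verify enforcement from an untrusted source before relying on it as a control.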

Affected packages
  • Oracle Corporation / Oracle Enterprise Manager Base Platform
    13.5 · 24.1
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H