CVE-2026-46865 · Severity: HIGH · CNA: oracle

CVE-2026-46865: Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework)

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 8.2
  • Severity: HIGH
  • Fixed in: none published yet
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A local privilege-escalation vulnerability exists in the Extensibility Framework component of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. An attacker who already holds administrative credentials on the host where the platform runs can exploit this flaw without any network access or victim interaction. Successful exploitation results in full takeover of Oracle Enterprise Manager Base Platform, with the attack scope extending to additional products beyond the directly affected component. No fix versions have been published yet; HarborGuard is tracking the advisory and will surface a patched-image rebuild the moment Oracle releases one.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-46865 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that package Oracle Enterprise Manager Base Platform 13.5 or 24.1.

Triage: Available

Triage is available: the CVSS 3.1 score of 8.2 (HIGH) is weighted against each environment's compliance policy to determine urgency, and the finding is routed to the appropriate team inbox within each customer organization.

Patch: Pending upstream

Because no fix version has been published by Oracle, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. Customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a pull request opened against affected workloads as soon as that upstream patch is available.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host running Oracle Enterprise Manager Base Platform; no network path to the service is required.

  • Authentication: Required

    An administrative (high-privilege) account on the host infrastructure is needed to trigger the vulnerability.

  • Victim interaction: Not required

    No action from another user or administrator is required for the attack to succeed.

  • Attack complexity: Low (AC:L)

    Exploitation is straightforward and condition-free; no race conditions or special environmental factors need to align for the attack to work reliably.

Blast Radius

  • Reads all data stored and managed by Oracle Enterprise Manager Base Platform, including monitored-target credentials and configuration secrets.
  • Modifies or destroys persisted management data, policies, and configuration across the platform.
  • Crashes or degrades the Oracle Enterprise Manager Base Platform service, disrupting monitoring and administration of managed infrastructure.
  • Because scope changes, attacker access can pivot to additional Oracle products and managed targets connected to the platform.

How HarborGuard Handles This

Available on HarborGuard: CVE-2026-46865 is flagged against any image found to contain Oracle Enterprise Manager Base Platform 13.5 or 24.1, with a HIGH severity rating applied immediately on detection. Since Oracle has not published a fix, HarborGuard monitors the advisory on every ingest cycle and will make a patched-image rebuild available as soon as an upstream patch is released; for customers with auto-remediation enabled, that triggers an automatic rebuild, regression-test run, and pull request against affected workloads. In the interim, compensating controls worth evaluating include restricting local logon access to the host to the minimum set of named administrators, applying OS-level audit logging for all privileged sessions, and isolating the Enterprise Manager host behind network policy rules that limit lateral movement should host credentials be compromised.

Affected packages
  • Oracle Corporation / Oracle Enterprise Manager Base Platform
    13.5 · 24.1
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H