HIGH · CVE-2026-46867 · CNA: oracle

CVE-2026-46867: Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework)

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1 base score: 7.2
  • Severity: HIGH
  • Fixed in: no fixed version published
  • Affected products: 1


HarborGuard Analysis

Synopsis

This is a high-severity vulnerability in the Extensibility Framework component of Oracle Enterprise Manager Base Platform, affecting versions 13.5 and 24.1. The flaw is reachable over the network via HTTPS and requires an authenticated attacker with administrative privileges to exploit. Successful exploitation gives the attacker full control of the Oracle Enterprise Manager Base Platform instance, with complete impact to confidentiality, integrity, and availability. No fix version has been published by Oracle; HarborGuard is tracking the advisory and will surface a patched-image rebuild as soon as upstream releases one.

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-46867 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that layer Oracle Enterprise Manager components. Any image running an affected version (13.5 or 24.1) of Oracle Enterprise Manager Base Platform is flagged automatically.

Triage: Available

HarborGuard scores this CVE at CVSS 7.2 HIGH and makes that score available alongside per-environment compliance policy weighting, so teams with stricter baselines for network-exposed admin services see it surfaced at the appropriate priority. Triage findings are routable to the relevant team inbox within each customer organization based on image ownership and policy configuration.

Patch: Pending upstream

Because no upstream fix version exists for CVE-2026-46867, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available the moment Oracle publishes a corrected release. In the interim, compensating controls such as network-policy isolation of the Enterprise Manager HTTPS endpoint and egress filtering are surfaced as advisory recommendations within the platform.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Oracle Enterprise Manager HTTPS endpoint over the network; there is no local-only attack path.

  • Authentication: Required

    An administrative (high-privilege) account is required; an unprivileged or anonymous attacker cannot exploit this vulnerability directly.

  • Victim interaction: Not required

    No user interaction is needed; the attacker can exploit the vulnerability entirely on their own without involving another person.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, memory layout, or any other variable environmental factor.

Blast Radius

  • A successful attacker reads all data accessible to the Enterprise Manager platform, including monitored target credentials, configuration data, and stored monitoring policies.
  • The attacker can modify or delete persisted configuration, targets, jobs, and compliance rules managed by the Enterprise Manager instance.
  • The attacker can crash or otherwise take down the Enterprise Manager service, disrupting monitoring and management visibility across all connected targets.
  • Full platform takeover means the attacker can pivot through Enterprise Manager agent connectivity to interact with every managed host and database registered to the instance.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-46867 is active and flags any image running Oracle Enterprise Manager Base Platform 13.5 or 24.1 against this advisory. Because Oracle has not published a fix version, no patched-image rebuild is available yet. HarborGuard re-evaluates the Oracle advisory on every ingest cycle and will automatically make a rebuild available the moment a corrected upstream release is published. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR flow will trigger without manual intervention as soon as the fix lands. While awaiting a patch, HarborGuard surfaces compensating-control recommendations including applying network policy to restrict HTTPS access to the Enterprise Manager console to known administrator source addresses, enforcing egress filtering on the Enterprise Manager host, and auditing current high-privilege account holders to reduce the pool of credentials that could be used in an attack.

Affected packages

  • Oracle Corporation / Oracle Enterprise Manager Base Platform: 13.5 · 24.1
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H