HIGH | CVE-2026-46925 | CNA: oracle

CVE-2026-46925: Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager)

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Metrics

CVSS v3.1 base score: 8.3
Severity: HIGH
Fixed in: no fix version published
Affected products: 1


HarborGuard Analysis

Synopsis

An unauthenticated, network-adjacent compromise vulnerability exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications, affecting versions 17.0 through 26.5. An attacker on the same network segment as the host running Siebel CRM Cloud Applications (the same LAN, VLAN or broadcast domain, or a logically adjacent topology such as a shared VPN, per the CVSS 3.1 definition of AV:A) can exploit this flaw without any credentials, though exploitation requires conditions beyond the attacker's control to line up (AC:H). Successful exploitation results in full takeover of the application, with complete loss of confidentiality, integrity and availability; because the scope is changed (S:C), the impact can extend beyond the vulnerable component to resources under a different security authority. No fix version has been published; HarborGuard is tracking this advisory and will surface a patched-image rebuild when Oracle publishes a fix.

HarborGuard Coverage

Detection

Detection of CVE-2026-46925 is available across every HarborGuard environment: the CVE is ingested from Oracle and upstream security feeds within minutes of publication and matched against all customer registry images, including custom-built images derived from Oracle Siebel base layers. Any image in a customer pipeline that carries an affected Siebel CRM Cloud Applications version (17.0 through 26.5) is flagged automatically.

Status: Available
Triage

Triage is available using the CVSS 3.1 base score of 8.3 (HIGH severity), weighted against each customer organization's configured compliance policy to determine urgency and priority. Findings are routed to the appropriate team inbox within each customer environment based on image ownership and policy rules.

Status: Available
Patch

No fix version has been published by Oracle for this CVE. HarborGuard re-evaluates the advisory on every ingest cycle; when Oracle publishes a patched release, a rebuilt image at that version becomes available automatically, and customers with auto-remediation enabled receive a regression-test run and a PR opened against affected workloads. In the interim, compensating controls such as network-policy isolation of the Siebel Cloud Manager host and strict adjacent-segment access controls are surfaced as recommendations within the finding.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Adjacent (AV:A)

    The attacker must have access to the physical or logical network segment (LAN, VLAN, or broadcast domain) directly attached to the host running Siebel CRM Cloud Applications; CVSS 3.1 also counts a logically adjacent topology such as a VPN into the same administrative zone as adjacent. Remote internet-based access alone is not sufficient.

  • Authentication: Not required (PR:N)

    No credentials or prior account access are needed to attempt exploitation.

  • Victim interaction: Not required (UI:N)

    The vulnerability is exploitable without any action from a user or administrator on the target system.

  • Attack complexity: High (AC:H)

    Exploitation is rated high complexity, which in CVSS 3.1 means success depends on conditions beyond the attacker's control, such as target-specific configuration or timing, so the attacker must invest measurable effort in preparation or repeated attempts. The advisory does not say what those conditions are for this bug; a reliable, condition-free exploit is unlikely, but AC:H should not be read as "not exploitable".

Blast Radius

  • Confidentiality (C:H): a successful attacker achieves full takeover of the Siebel CRM Cloud Applications instance and can read any data the application stores or has credentials to reach, which for a CRM deployment includes customer records, contact details and sales-pipeline information.
  • Integrity (I:H): the attacker can modify or delete persisted CRM data, corrupting business records and transaction history.
  • Availability (A:H): the attacker can crash or otherwise render the Siebel Cloud Manager service unavailable, making CRM functions inaccessible to users.
  • Scope (S:C): the impact is not confined to the vulnerable component; resources under a different security authority, such as adjacent cloud infrastructure or integrated enterprise applications, are also exposed.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-46925 is active across all customer environments running images built on Oracle Siebel CRM Cloud Applications 17.0 through 26.5, with findings scored at CVSS 8.3 HIGH and routed per each organization's compliance policy. Because Oracle has not yet published a fix, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available once an upstream fix is released; customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR against affected workloads without manual intervention. While awaiting a patch, HarborGuard surfaces compensating-control recommendations for affected findings: restrict which sources can reach the Siebel Cloud Manager host using Kubernetes network policies or equivalent controls, apply strict VLAN segmentation to limit which hosts share its broadcast domain (and remember that VPN peers landing in the same zone count as adjacent), and audit egress paths from the Siebel host to reduce the blast radius of a scope-change exploitation. These controls shrink the population of attackers who can reach the service; they do not close the vulnerability, so the finding remains open until a fixed version is deployed.

Affected packages
  • Oracle Corporation / Siebel CRM Cloud Applications
    ≤ 26.5
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H