CVE-2026-46926 | Severity: HIGH | CNA: oracle

CVE-2026-46926: Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager)

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 8.8
  • Severity: HIGH
  • Fixed in: no fix version published
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A local privilege escalation vulnerability affects the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications, versions 17.0 through 26.5. An attacker with a low-privilege account and local logon access to the infrastructure where the application runs can exploit this without any user interaction. Successful exploitation results in full takeover of Siebel CRM Cloud Applications, with high impact to confidentiality, integrity, and availability, and the scope change means adjacent products on the same infrastructure can also be compromised. No fix versions have been published yet; HarborGuard is tracking this advisory and will surface a patched-image rebuild as soon as upstream releases one.

HarborGuard Coverage

Detection (status: Available)

Detection for CVE-2026-46926 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images derived from affected Oracle Siebel CRM base layers. Any image found running a Siebel CRM Cloud Applications version in the 17.0-26.5 range is flagged immediately.
Triage (status: Available)

HarborGuard is capable of triaging this CVE at a CVSS 3.1 score of 8.8 (HIGH), weighted against each customer environment's compliance policy to determine urgency and escalation path. Findings are routed to the appropriate team inbox within each customer organization based on their configured ownership rules.
Patch (status: Pending upstream)

No fix version has been published by Oracle for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered automatically at that point.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network path to the service is required.

  • Authentication: Required

    Any low-privilege account with logon rights to the infrastructure is sufficient; no administrative credentials are needed.

  • Victim interaction: Not required

    No action by another user or administrator is required to trigger the vulnerability.

  • Attack complexity: Detail

    The exploit is reliable and condition-free; no race conditions, special memory layouts, or environmental prerequisites are needed.

Blast Radius

  • A successful attacker gains full control of the Siebel CRM Cloud Applications instance, reading all stored CRM data including customer records, contacts, and sales pipeline information.
  • The attacker can modify or delete persisted application data and configuration, corrupting CRM records and business processes.
  • The affected service can be crashed or rendered unavailable, disrupting CRM-dependent operations.
  • Because the CVSS scope changes, other products and services sharing the same infrastructure can also be compromised beyond the Siebel CRM boundary.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists yet for CVE-2026-46926, HarborGuard monitors the Oracle advisory on every ingest cycle and will trigger a patched-image rebuild automatically the moment Oracle publishes a fix. For customers with auto-remediation enabled, that rebuild will be followed immediately by a regression test run and a PR opened against affected workloads. In the interim, HarborGuard recommends applying compensating controls: restrict logon access to the infrastructure hosting Siebel CRM Cloud Applications to the minimum required set of accounts, apply network-policy isolation to limit lateral movement from the host to adjacent services (addressing the scope-change risk), and consider feature-flag gating of Siebel Cloud Manager functionality where operationally feasible. All of these findings and recommendations are surfaced in the HarborGuard dashboard for each environment where affected image versions are detected.

Affected packages
  • Oracle Corporation / Siebel CRM Cloud Applications
    ≤ 26.5
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H