CVE-2026-46867
HIGHOracle Enterprise Manager Base Platform 13.5 and 24.1 - Remote Code Execution via Extensibility Framework
Title source: llmDescription
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
Oracle Advisory
https://www.oracle.com/security-alerts/cspujun2026.html
Scores
CVSS v3
7.2
EPSS
0.0045
EPSS Percentile
36.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (4)
oracle/enterprise_manager_base_platform
13.5.0.0
oracle/enterprise_manager_base_platform
24.1.0.0.0
Oracle Corporation/Oracle Enterprise Manager Base Platform
13.5
Oracle Corporation/Oracle Enterprise Manager Base Platform
24.1
Published
Jun 17, 2026
Tracked Since
Jun 17, 2026