CVE-2026-46888
HIGHOracle Siebel CRM Deployment 17.0-26.5 - Authenticated Remote Code Execution in Database Upgrade
Title source: llmDescription
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Database Upgrade). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Deployment executes to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in takeover of Siebel CRM Deployment. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
Oracle Advisory
https://www.oracle.com/security-alerts/cspujun2026.html
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
2.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (2)
oracle/siebel_crm
17.0 - 26.5
Oracle Corporation/Siebel CRM Deployment
17.0 - 26.5
Published
Jun 17, 2026
Tracked Since
Jun 17, 2026