CVE-2026-46866
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
Vulnerability in the Oracle Enterprise Manager Base Platform product, affecting versions 13.5 and 24.1, allows an unauthenticated attacker with network access via HTTPS to compromise the platform, potentially leading to hangs or frequent crashes and unauthorized access to data.
Risk Assessment
An attacker could cause complete denial of service for Oracle Enterprise Manager and gain unauthorized access to data, leading to serious consequences for the organization.
Recommendation
It is recommended to update to the latest version of Oracle Enterprise Manager and implement appropriate security measures to restrict system access to authorized users.
Original NVD description (English source)
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).

