External risk intelligence

Oracle Enterprise Manager Base Platform Metadata Plugin Vulnerability Allows Takeover

CVE advisorySeverity: CRITICAL (CVSS 9.9)

CVE-2026-46852

A vulnerability in Oracle Enterprise Manager Base Platform allows a low-privileged attacker with network access to take over the platform and potentially impact other products. This could lead to a complete compromise of confidentiality, integrity, and availability.

Oracle Enterprise Manager Base Platform

13.5.0.024.1.0.0.0

Halo Surface Signal

Possible · external exposure

3Halo Surface Signal

Oracle Enterprise Manager is typically deployed within internal administrative or management networks to monitor infrastructure. While it requires network access and could be exposed in some configurations, it is not designed to be a public-facing internet service.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in Oracle Enterprise Manager Base Platform, a tool used for managing Oracle systems. This issue, if exploited, could allow an attacker with limited privileges to gain complete control over the platform and potentially impact other connected products. The main concern is to confirm if our specific systems are affected and to what extent.

Compromises Oracle management software.
Understand its potential reach into our systems.
Confirm relevance and assess exposure.

Attack Path

How an attacker could exploit the issue

An attacker with network access and low privileges can target the Oracle Enterprise Manager Base Platform. By reaching the Metadata Plugin component via HTTPS, the attacker can exploit this vulnerability. A successful attack could lead to a complete takeover of the affected platform, potentially impacting other connected products.

Network access, low privileges required.
Exploits Metadata Plugin via HTTPS.
Full platform takeover is possible.

Live Threat

Current exploitation, exposure, and threat context

A low-privileged attacker with network access could potentially take over the Oracle Enterprise Manager Base Platform, which may in turn impact additional products. This could lead to a complete compromise of the platform's confidentiality, integrity, and availability.

Oracle Enterprise Manager Base Platform.
Network access via HTTPS.
Complete platform takeover.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Oracle Enterprise Manager Base Platform requires immediate attention from the platform or infrastructure teams, as it can lead to a full takeover of the management system. The first practical step is to identify all instances of the affected product, assess their network exposure and business criticality, and then engage the designated owner for remediation planning.

Platform team owns this vulnerability.
Verify network reachability and impact.
Plan remediation during maintenance windows.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-46852 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This Oracle Enterprise Manager Base Platform vulnerability allows a low-privileged attacker to compromise the platform, which is relevant for PCI scans due to the potential for a full takeover.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

CVSS vector

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Free EASM Trial See How Signal Works

Frequently asked questions

What is Oracle Enterprise Manager Base Platform?

It is a centralized management tool that administrators use to oversee, monitor, and maintain enterprise-wide Oracle software and hardware infrastructure. It serves as a command center for managing complex database and application environments, ensuring their health and performance across an entire data center.

How does CVE-2026-46852 function?

This vulnerability is classified as CWE-269, which relates to improper privilege management. Specifically, it affects the Metadata Plugin component within the platform. By exploiting this weakness, a low-privileged user can gain excessive control rights, effectively bypassing security restrictions to perform actions that should be reserved for administrators, leading to a full system takeover.

What triggers the CVE-2026-46852 vulnerability?

An attacker needs network access to the platform via HTTPS and low-level credentials to interact with the Metadata Plugin. It is important to note that this is not a broad, unauthenticated attack; it requires an active, authorized user account on the system to initiate the exploit path.

Do I need to worry if my instance is internal?

According to Halo Surface Signal, this software is typically deployed within protected internal administrative networks, not as a public-facing service. While this reduces the likelihood of random internet-based attacks, any internal system reachable by other compromised assets or malicious insiders remains a point of concern for potential takeover.

How should I respond to this threat?

Your first step is to perform an inventory of your environment to identify all active instances of the affected Oracle Enterprise Manager versions. Once identified, evaluate which systems are reachable over the network and prioritize those for patch management as part of your standard maintenance workflow.

References

www.oracle.com/security-alerts/cspujun2026.html

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.