Description
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Oracle Agile PLM 9.3.6 permits an unauthenticated attacker with network access via HTTP to compromise the application and take over the system. The vulnerability can be exploited easily and results in full compromise of confidentiality, integrity and availability.

Affected Systems

Oracle Corporation’s Oracle Agile PLM 9.3.6 is affected. No other affected versions are listed.

Risk and Exploitability

The CVSS Base Score of 9.8 marks this as a critical vulnerability. The EPSS score is less than 1%, indicating that exploitation may not yet be widespread, and the vulnerability is not in CISA’s KEV catalog. However, the likely attack vector is any network host able to reach the application over HTTP, and because no authentication is required, exploitation is trivial for an attacker. Successful exploitation could result in full system takeover.

Generated by OpenCVE AI on June 17, 2026 at 19:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle patch for Agile PLM 9.3.6 as specified in the Oracle Security Alert.
  • Restrict HTTP access to the Agile PLM instance to trusted IP ranges or VPNs to block unauthenticated remote access.
  • Enable comprehensive logging and alerting on the Agile PLM instance to detect unauthorized activity.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared | | Oracle; Oracle agile Plm
CPEs | | cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle agile Plm
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:44:42.459Z

Reserved: 2026-05-18T15:55:10.307Z

Link: CVE-2026-46859

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T01:00:15Z

Weaknesses

No weakness.