PatchSiren cyber security CVE debrief
CVE-2026-46777 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle WebCenter Content, a product of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-46777, affects versions 12.2.1.4.0 and 14.1.2.0.0. It allows unauthenticated attackers with network access via HTTP to compromise the system, potentially leading to unauthorized creation, deletion, or modification of critical data. This vulnerability has significant implications for organizations using the affected versions, as it could result in unauthorized access to sensitive information. The CVSS 3.1 Base Score is 9.1, indicating a critical severity level. Organizations should prioritize patching this vulnerability to prevent potential data breaches.
- Vendor
- Oracle Corporation
- Product
- Oracle WebCenter Content
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-19
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-19
Who should care
Organizations using Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability to prevent potential data breaches. This includes operators managing these systems, platform administrators, vulnerability management teams, and security teams responsible for ensuring the security and integrity of sensitive information.
Technical summary
The vulnerability, tracked as CVE-2026-46777, is a critical issue in Oracle WebCenter Content, a product of Oracle Fusion Middleware. It affects versions 12.2.1.4.0 and 14.1.2.0.0. The vulnerability has a CVSS 3.1 Base Score of 9.1, indicating a critical severity level. It is easily exploitable and allows unauthenticated attackers with network access via HTTP to compromise the system. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. This could lead to significant data breaches if not addressed promptly.
Defensive priority
High
Recommended defensive actions
- Apply the latest security patches provided by Oracle Corporation
- Restrict network access to Oracle WebCenter Content
- Monitor system logs for suspicious activity
- Implement compensating controls, such as Web Application Firewalls
- Conduct regular vulnerability assessments and penetration testing
- Review and update incident response plans to address potential breaches
- Verify the integrity of affected systems and data after patching
Evidence notes
The CVE record was published on 2026-06-17T10:53:55.260Z and last modified on 2026-06-19T06:17:08.127Z. The NVD entry is currently Analyzed. This information is based on the supplied source corpus and may not reflect the current state of the vulnerability. Defenders should verify the affected scope and severity with Oracle Corporation and review the official CVE record for CVE-2026-46777. Due to limited source detail, defenders should approach with caution and consider evidence limits.
Official resources
-
CVE-2026-46777 CVE record
CVE.org
-
CVE-2026-46777 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:55.260Z and has not been modified since then. The NVD entry is currently Analyzed.