PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46781 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle WebCenter Enterprise Capture, a product of Oracle Fusion Middleware, specifically in the Client Bundle component. This vulnerability, tracked as CVE-2026-46781, has a CVSS 3.1 Base Score of 10.0, indicating a high impact on confidentiality, integrity, and availability. The vulnerability affects supported versions 12.2.1.4.0 and 14.1.2.0.0. The vulnerability allows unauthenticated attackers with network access via RMI to compromise Oracle WebCenter Enterprise Capture, potentially impacting additional products. Organizations should be aware of the high severity of this vulnerability and the potential for significant impact on affected systems.

Vendor
Oracle Corporation
Product
Oracle WebCenter Enterprise Capture
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability. The vulnerability allows unauthenticated attackers with network access via RMI to compromise Oracle WebCenter Enterprise Capture, potentially impacting additional products.

Technical summary

The vulnerability is located in the Client Bundle component of Oracle WebCenter Enterprise Capture. It is easily exploitable and allows unauthenticated attackers with network access via RMI to compromise Oracle WebCenter Enterprise Capture. Successful attacks can result in the takeover of Oracle WebCenter Enterprise Capture. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. This vulnerability has a significant impact due to its critical CVSS score and the potential for attackers to gain unauthorized access to sensitive information and systems.

Defensive priority

High priority should be given to patching this vulnerability due to its critical CVSS score and the potential for significant impact on affected systems.

Recommended defensive actions

  • Apply the patches provided by Oracle Corporation as soon as possible.
  • Implement compensating controls such as network segmentation and access controls to limit the attack surface.
  • Monitor systems for suspicious activity and implement logging and auditing to detect potential exploitation attempts.
  • Verify that affected systems are properly inventoried and that patches are applied to all vulnerable systems.
  • Consider implementing additional security measures such as RMI access controls and network monitoring.

Evidence notes

The CVE record was published on 2026-06-17T10:53:55.673Z and was last modified on 2026-06-18T22:35:19.077Z. The NVD entry is currently Analyzed. The vulnerability affects Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:55.673Z and has not been modified since then. The NVD entry is currently Analyzed.