PatchSiren cyber security CVE debrief
CVE-2026-46781 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle WebCenter Enterprise Capture, a product of Oracle Fusion Middleware, specifically in the Client Bundle component. This vulnerability, tracked as CVE-2026-46781, has a CVSS 3.1 Base Score of 10.0, indicating a high impact on confidentiality, integrity, and availability. The vulnerability affects supported versions 12.2.1.4.0 and 14.1.2.0.0. The vulnerability allows unauthenticated attackers with network access via RMI to compromise Oracle WebCenter Enterprise Capture, potentially impacting additional products. Organizations should be aware of the high severity of this vulnerability and the potential for significant impact on affected systems.
- Vendor
- Oracle Corporation
- Product
- Oracle WebCenter Enterprise Capture
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability. The vulnerability allows unauthenticated attackers with network access via RMI to compromise Oracle WebCenter Enterprise Capture, potentially impacting additional products.
Technical summary
The vulnerability is located in the Client Bundle component of Oracle WebCenter Enterprise Capture. It is easily exploitable and allows unauthenticated attackers with network access via RMI to compromise Oracle WebCenter Enterprise Capture. Successful attacks can result in the takeover of Oracle WebCenter Enterprise Capture. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. This vulnerability has a significant impact due to its critical CVSS score and the potential for attackers to gain unauthorized access to sensitive information and systems.
Defensive priority
High priority should be given to patching this vulnerability due to its critical CVSS score and the potential for significant impact on affected systems.
Recommended defensive actions
- Apply the patches provided by Oracle Corporation as soon as possible.
- Implement compensating controls such as network segmentation and access controls to limit the attack surface.
- Monitor systems for suspicious activity and implement logging and auditing to detect potential exploitation attempts.
- Verify that affected systems are properly inventoried and that patches are applied to all vulnerable systems.
- Consider implementing additional security measures such as RMI access controls and network monitoring.
Evidence notes
The CVE record was published on 2026-06-17T10:53:55.673Z and was last modified on 2026-06-18T22:35:19.077Z. The NVD entry is currently Analyzed. The vulnerability affects Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0.
Official resources
-
CVE-2026-46781 CVE record
CVE.org
-
CVE-2026-46781 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:55.673Z and has not been modified since then. The NVD entry is currently Analyzed.