PatchSiren cyber security CVE debrief
CVE-2026-46782 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle WebCenter Enterprise Capture, a product of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-46782, has a CVSS 3.1 Base Score of 9.9, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is in the Client Bundle component and affects versions 12.2.1.4.0 and 14.1.2.0.0 of the product.
- Vendor
- Oracle Corporation
- Product
- Oracle WebCenter Enterprise Capture
- CVSS
- CRITICAL 9.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability. The vulnerability allows low-privileged attackers with network access via HTTP to compromise Oracle WebCenter Enterprise Capture, potentially impacting additional products.
Technical summary
The vulnerability in Oracle WebCenter Enterprise Capture has a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). It is easily exploitable and allows low-privileged attackers with network access via HTTP to compromise Oracle WebCenter Enterprise Capture. Successful attacks can result in the takeover of Oracle WebCenter Enterprise Capture. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.0.0 of the product, which are part of Oracle Fusion Middleware. The Client Bundle component is where the vulnerability resides. Organizations should be aware of the potential impact on confidentiality, integrity, and availability.
Defensive priority
High priority should be given to patching this vulnerability due to its critical CVSS score and the potential for significant impact if exploited.
Recommended defensive actions
- Apply the patches provided by Oracle for Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0.
- Implement network access controls to limit access to Oracle WebCenter Enterprise Capture.
- Monitor for any suspicious activity related to Oracle WebCenter Enterprise Capture.
- Review and update security configurations for Oracle WebCenter Enterprise Capture to ensure they align with organizational security policies.
- Conduct a thorough review of the affected product deployments in managed environments.
- Verify the integrity of the system and monitor for potential exploitation attempts.
- Track and document the remediation process for future reference and auditing purposes.
Evidence notes
The CVE record was published on 2026-06-17T10:53:55.780Z and was last modified on 2026-06-18T22:36:31.753Z. The NVD entry is currently Analyzed. Evidence is limited, and defenders should verify the affected product deployments and review the official advisory for further details. The vulnerability's scope and potential impact on additional products should be carefully evaluated.
Official resources
-
CVE-2026-46782 CVE record
CVE.org
-
CVE-2026-46782 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:55.780Z and has not been modified since then. The NVD entry is currently Analyzed.