PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46782 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle WebCenter Enterprise Capture, a product of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-46782, has a CVSS 3.1 Base Score of 9.9, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is in the Client Bundle component and affects versions 12.2.1.4.0 and 14.1.2.0.0 of the product.

Vendor
Oracle Corporation
Product
Oracle WebCenter Enterprise Capture
CVSS
CRITICAL 9.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability. The vulnerability allows low-privileged attackers with network access via HTTP to compromise Oracle WebCenter Enterprise Capture, potentially impacting additional products.

Technical summary

The vulnerability in Oracle WebCenter Enterprise Capture has a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). It is easily exploitable and allows low-privileged attackers with network access via HTTP to compromise Oracle WebCenter Enterprise Capture. Successful attacks can result in the takeover of Oracle WebCenter Enterprise Capture. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.0.0 of the product, which are part of Oracle Fusion Middleware. The Client Bundle component is where the vulnerability resides. Organizations should be aware of the potential impact on confidentiality, integrity, and availability.

Defensive priority

High priority should be given to patching this vulnerability due to its critical CVSS score and the potential for significant impact if exploited.

Recommended defensive actions

  • Apply the patches provided by Oracle for Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0.
  • Implement network access controls to limit access to Oracle WebCenter Enterprise Capture.
  • Monitor for any suspicious activity related to Oracle WebCenter Enterprise Capture.
  • Review and update security configurations for Oracle WebCenter Enterprise Capture to ensure they align with organizational security policies.
  • Conduct a thorough review of the affected product deployments in managed environments.
  • Verify the integrity of the system and monitor for potential exploitation attempts.
  • Track and document the remediation process for future reference and auditing purposes.

Evidence notes

The CVE record was published on 2026-06-17T10:53:55.780Z and was last modified on 2026-06-18T22:36:31.753Z. The NVD entry is currently Analyzed. Evidence is limited, and defenders should verify the affected product deployments and review the official advisory for further details. The vulnerability's scope and potential impact on additional products should be carefully evaluated.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:55.780Z and has not been modified since then. The NVD entry is currently Analyzed.