PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46788 Oracle Corporation CVE debrief

A high-severity vulnerability was found in Oracle WebCenter Content, a product of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-46788, has a CVSS score of 8.4 and can be easily exploited by high-privileged attackers with network access via HTTP. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Oracle WebCenter Content. The vulnerability is in the Content Server component and affects version 14.1.2.0.0.

Vendor
Oracle Corporation
Product
Oracle WebCenter Content
CVSS
HIGH 8.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-19
Advisory published
2026-06-17
Advisory updated
2026-06-19

Who should care

Security teams and administrators responsible for Oracle WebCenter Content should prioritize patching this vulnerability. The high CVSS score and potential for significant impact on additional products make it crucial to address.

Technical summary

CVE-2026-46788 is a vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware, specifically in the Content Server component. The vulnerability has a CVSS 3.1 Base Score of 8.4, indicating high impacts on Confidentiality, Integrity, and Availability. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H. The supported version affected is 14.1.2.0.0. Easily exploitable, the vulnerability allows high-privileged attackers with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Oracle WebCenter Content. The vulnerability is in the Content Server component.

Defensive priority

High

Recommended defensive actions

  • Apply the patch from Oracle as soon as possible
  • Restrict access to Oracle WebCenter Content to only necessary personnel
  • Monitor for suspicious activity around Oracle WebCenter Content
  • Implement additional security controls to prevent exploitation
  • Review and update incident response plans to address potential impacts

Evidence notes

The CVE record was published on 2026-06-17T10:53:56.393Z and was last modified on 2026-06-19T06:17:08.523Z. The NVD entry is currently Analyzed. The vulnerability is in the Content Server component of Oracle WebCenter Content version 14.1.2.0.0.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:56.393Z and has not been modified since then. The NVD entry is currently Analyzed.