PatchSiren cyber security CVE debrief
CVE-2026-46795 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle WebCenter Content, a product of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-46795, affects version 14.1.2.0.0 of the software. It is an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized creation, deletion, or modification access to critical data or all Oracle WebCenter Content accessible data, as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data.
- Vendor
- Oracle Corporation
- Product
- Oracle WebCenter Content
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-19
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-19
Who should care
Organizations using Oracle WebCenter Content version 14.1.2.0.0 should prioritize patching this vulnerability to prevent potential attacks. The vulnerability's critical severity and ease of exploitation make it a high-risk issue that requires immediate attention.
Technical summary
The vulnerability in Oracle WebCenter Content has a CVSS 3.1 Base Score of 9.3, indicating a critical severity level. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N), showing that the vulnerability allows for high impacts on confidentiality and integrity. The vulnerability is exploitable via network access with low attack complexity and requires user interaction. It affects version 14.1.2.0.0 of Oracle WebCenter Content, a product of Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized creation, deletion, or modification access to critical data or all Oracle WebCenter Content accessible data, as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Oracle Corporation as soon as possible.
- Implement compensating controls, such as monitoring and exception tracking, to detect potential attacks.
- Conduct inventory checks to ensure that all instances of Oracle WebCenter Content version 14.1.2.0.0 are identified and patched.
- Consider implementing additional security measures, such as network segmentation and access controls, to reduce the attack surface.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
Evidence notes
The CVE record was published on 2026-06-17T10:53:57.107Z and was last modified on 2026-06-19T06:17:08.720Z. The NVD entry is currently Analyzed. The vulnerability is described in the Oracle Security Alert for June 2026.
Official resources
-
CVE-2026-46795 CVE record
CVE.org
-
CVE-2026-46795 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:57.107Z and has not been modified since then. The NVD entry is currently Analyzed.