PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46796 Oracle Corporation CVE debrief

A high-severity vulnerability was found in Oracle WebCenter Sites, a product of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-46796, has a CVSS score of 8.0 and can be easily exploited by low-privileged attackers with network access via HTTP. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Oracle WebCenter Sites. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.0.0 of Oracle WebCenter Sites.

Vendor
Oracle Corporation
Product
Oracle WebCenter Sites
CVSS
HIGH 8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Administrators and users of Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 should be aware of this vulnerability and take necessary precautions to prevent exploitation. This includes reviewing the official CVE record and vendor advisory for detailed guidance on affected scope, severity, and vendor guidance. They should also consider implementing additional security measures such as restricting access to Oracle WebCenter Sites to only necessary personnel and monitoring for suspicious activity.

Technical summary

The vulnerability is located in the WebCenter Sites component of Oracle WebCenter Sites. It has a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating a high impact on confidentiality, integrity, and availability. The vulnerability is classified as CWE-601 and CWE-noinfo. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Oracle WebCenter Sites. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.0.0 of Oracle WebCenter Sites. It is easily exploitable by low-privileged attackers with network access via HTTP.

Defensive priority

High, based on CVSS score of 8.0 and potential impact on confidentiality, integrity, and availability. Immediate attention is recommended for administrators and users of affected versions to apply necessary patches and take precautions to prevent exploitation. Compensating controls and monitoring are also suggested until patches can be applied. This prioritization is based on the CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Consider implementing additional security measures such as restricting access to Oracle WebCenter Sites to only necessary personnel and monitoring for suspicious activity. The vulnerability is classified as CWE-601 and CWE-noinfo, indicating a high level of severity and potential for exploitation. Further verification of affected systems and implementation of mitigations is crucial to prevent potential takeover of Oracle WebCenter Sites. The recommended actions below provide a comprehensive approach to addressing this vulnerability. Administrators should review the official CVE record and vendor advisory for detailed guidance on affected scope, severity, and vendor guidance. This vulnerability requires immediate attention due to its high severity and potential impact on affected systems. The debrief provided here aims to provide an executive overview of the vulnerability, its likely operational impact, and the context for review. It is essential to track exceptions, retest remediated assets, and close the item only after evidence is documented to ensure thorough mitigation of the vulnerability. The information provided here is based on the available source corpus and may not reflect the full scope of the vulnerability. Therefore, it is crucial to verify the information with official sources and perform thorough vulnerability assessments. The CVE record and NVD entry provide critical details for understanding and mitigating this vulnerability. By following the recommended actions and taking immediate precautions, administrators can reduce the risk of exploitation and potential impact on their systems. The goal is to ensure that all necessary steps are taken to prevent the takeover of Oracle WebCenter Sites and maintain the Conf,

Recommended defensive actions

  • Apply the latest security patches and updates provided by Oracle Corporation
  • Restrict access to Oracle WebCenter Sites to only necessary personnel
  • Monitor for suspicious activity and implement additional security measures as needed
  • Consider implementing compensating controls to mitigate the risk of exploitation
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-06-17T10:53:57.210Z and last modified on 2026-06-17T19:28:12.197Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus and may not reflect the full scope of the vulnerability. Further verification is recommended.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:57.210Z and has not been modified since then. The NVD entry is currently Analyzed.