PatchSiren cyber security CVE debrief
CVE-2026-46803 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle WebCenter Portal's Security Framework. This vulnerability, tracked as CVE-2026-46803, allows unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Portal. The vulnerability has a CVSS 3.1 Base Score of 10.0, indicating high impacts on Confidentiality, Integrity, and Availability. The affected versions are 12.2.1.4.0 and 14.1.2.0.0. Successful attacks can result in the takeover of Oracle WebCenter Portal. The CVE record was published on 2026-06-17T10:53:57.947Z and has not been modified since then. The NVD entry is currently Analyzed.
- Vendor
- Oracle Corporation
- Product
- Oracle WebCenter Portal
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-19
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-19
Who should care
Organizations using Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability to prevent potential takeovers. Security teams and administrators responsible for Oracle WebCenter Portal installations should take immediate action.
Technical summary
CVE-2026-46803 is a critical vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware, specifically in the Security Framework component. The vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks can result in the takeover of Oracle WebCenter Portal. The CVSS 3.1 Base Score is 10.0, with high impacts on Confidentiality, Integrity, and Availability. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Affected versions include 12.2.1.4.0 and 14.1.2.0.0.
Defensive priority
High
Recommended defensive actions
- Apply the latest security patches from Oracle Corporation
- Restrict network access to Oracle WebCenter Portal
- Monitor for suspicious activity
- Implement compensating controls
- Inventory and verify affected systems
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T10:53:57.947Z and was last modified on 2026-06-19T06:17:08.920Z. The NVD entry is currently Analyzed. Vendor advisory is available from Oracle Corporation. The vulnerability affects Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0, with a CVSS 3.1 Base Score of 10.0, indicating high impacts on Confidentiality, Integrity, and Availability.
Official resources
-
CVE-2026-46803 CVE record
CVE.org
-
CVE-2026-46803 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:57.947Z and has not been modified since then. The NVD entry is currently Analyzed.