PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46803 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle WebCenter Portal's Security Framework. This vulnerability, tracked as CVE-2026-46803, allows unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Portal. The vulnerability has a CVSS 3.1 Base Score of 10.0, indicating high impacts on Confidentiality, Integrity, and Availability. The affected versions are 12.2.1.4.0 and 14.1.2.0.0. Successful attacks can result in the takeover of Oracle WebCenter Portal. The CVE record was published on 2026-06-17T10:53:57.947Z and has not been modified since then. The NVD entry is currently Analyzed.

Vendor
Oracle Corporation
Product
Oracle WebCenter Portal
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-19
Advisory published
2026-06-17
Advisory updated
2026-06-19

Who should care

Organizations using Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability to prevent potential takeovers. Security teams and administrators responsible for Oracle WebCenter Portal installations should take immediate action.

Technical summary

CVE-2026-46803 is a critical vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware, specifically in the Security Framework component. The vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks can result in the takeover of Oracle WebCenter Portal. The CVSS 3.1 Base Score is 10.0, with high impacts on Confidentiality, Integrity, and Availability. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Affected versions include 12.2.1.4.0 and 14.1.2.0.0.

Defensive priority

High

Recommended defensive actions

  • Apply the latest security patches from Oracle Corporation
  • Restrict network access to Oracle WebCenter Portal
  • Monitor for suspicious activity
  • Implement compensating controls
  • Inventory and verify affected systems
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-06-17T10:53:57.947Z and was last modified on 2026-06-19T06:17:08.920Z. The NVD entry is currently Analyzed. Vendor advisory is available from Oracle Corporation. The vulnerability affects Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0, with a CVSS 3.1 Base Score of 10.0, indicating high impacts on Confidentiality, Integrity, and Availability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:57.947Z and has not been modified since then. The NVD entry is currently Analyzed.