PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46813 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle WebCenter Content, a product of Oracle Fusion Middleware. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.0.0 of the Content Server component. It allows unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Content, potentially leading to a takeover of the system. The CVSS 3.1 Base Score is 9.8, indicating a high impact on confidentiality, integrity, and availability. This vulnerability is easily exploitable and has a high impact on confidentiality, integrity, and availability.

Vendor
Oracle Corporation
Product
Oracle WebCenter Content
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Organizations using Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability to prevent potential system compromise. This is crucial for operators managing these systems, as well as for platform administrators, vulnerability management teams, and security teams who need to assess and mitigate the risk associated with this critical vulnerability.

Technical summary

The vulnerability is located in the Content Server component of Oracle WebCenter Content, affecting versions 12.2.1.4.0 and 14.1.2.0.0. It has a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating that it is easily exploitable and has a high impact on confidentiality, integrity, and availability. The CVSS 3.1 Base Score is 9.8, highlighting the critical nature of this vulnerability. Unauthenticated attackers with network access via HTTP can compromise Oracle WebCenter Content, potentially leading to a system takeover. The high CVSS score and the potential for system takeover indicate that the vulnerability should be prioritized for remediation. Defenders should focus on patching Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 first and implement compensating controls to mitigate the risk of exploitation.

Defensive priority

High, given the CVSS score of 9.8 and the potential for system takeover. Immediate action is required to patch the vulnerability and prevent potential system compromise. The high CVSS score indicates that the vulnerability is critical and should be prioritized for remediation. Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 are affected, and defenders should focus on patching these versions first. Compensating controls, such as monitoring and restricting access, should also be implemented to mitigate the risk of exploitation. Additionally, defenders should verify that network access to Oracle WebCenter Content is properly restricted and monitor for any suspicious activity related to Oracle WebCenter Content. A thorough inventory check should be conducted to identify affected systems, and the patch should be applied as recommended by Oracle. The vulnerability is located in the Content Server component of Oracle WebCenter Content, and its high CVSS score indicates a high likelihood of exploitation. Therefore, defenders should prioritize patching this vulnerability to prevent potential system compromise. The CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates that the vulnerability is easily exploitable and has a high impact on confidentiality, integrity, and availability. The vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Content, potentially leading to a takeover of the system. The CVSS 3.1 Base Score of 9.8 indicates a high impact on confidentiality, integrity, and availability. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.0.0 of the Content Server component of Oracle WebCenter Content. The high CVSS score and the potential for system takeover indicate that the vulnerability should be prioritized for remediation. Defenders should focus on patching Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 first and implement compensating controls to mitigate the risk of exploitation. The vulnerability is easily exploitable and has a high impact on confidentiality, integrity, and availability, indicating that immediate action is required to patch the The CVSS

Recommended defensive actions

  • Apply the patch as recommended by Oracle
  • Conduct a thorough inventory check to identify affected systems
  • Implement compensating controls to monitor and restrict access to Oracle WebCenter Content
  • Verify that network access to Oracle WebCenter Content is properly restricted
  • Monitor for any suspicious activity related to Oracle WebCenter Content

Evidence notes

The CVE record was published on 2026-06-17T10:53:58.880Z and was last modified on 2026-06-17T20:37:31.277Z. The NVD entry is currently Analyzed. The vulnerability affects Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0, which are supported versions. The CVE record was created based on information from Oracle, and it is considered reliable. However, defenders should verify the information with Oracle to ensure accuracy.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:53:58.880Z and has not been modified since then. The NVD entry is currently Analyzed.