PatchSiren cyber security CVE debrief
CVE-2026-46845 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle WebCenter Portal's Security Framework, tracked as CVE-2026-46845, with a CVSS score of 9.8. The vulnerability allows unauthenticated attackers with network access via HTTPS to compromise the system, potentially leading to a complete takeover of Oracle WebCenter Portal. Successful attacks can result in high impacts on confidentiality, integrity, and availability.
- Vendor
- Oracle Corporation
- Product
- Oracle WebCenter Portal
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-23
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-23
Who should care
Administrators and security teams responsible for Oracle WebCenter Portal installations should prioritize patching this vulnerability to prevent potential system takeovers. They should review the official advisory, assess their exposure, and implement compensating controls if necessary.
Technical summary
The vulnerability is located in the Security Framework component of Oracle WebCenter Portal, affecting versions 12.2.1.4.0 and 14.1.2.0.0. It has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable and allows unauthenticated attackers with network access via HTTPS to compromise the system.
Defensive priority
High
Recommended defensive actions
- Apply the security patch provided by Oracle Corporation
- Restrict access to Oracle WebCenter Portal to trusted networks and users
- Monitor system logs for suspicious activity
- Consider implementing additional security controls, such as multi-factor authentication
- Review and update asset inventory to identify potentially affected systems
- Track exceptions and retest remediated assets
- Plan for regular security audits and vulnerability assessments
Evidence notes
The CVE record was published on 2026-06-17T10:54:02.020Z and last modified on 2026-06-23T05:17:04.173Z. The NVD entry is currently Analyzed. The vulnerability affects Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0. Evidence is based on the official CVE record and NVD entry. Defenders should verify affected deployments and review vendor guidance.
Official resources
-
CVE-2026-46845 CVE record
CVE.org
-
CVE-2026-46845 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:02.020Z and has not been modified since then. The NVD entry is currently Analyzed.