PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46845 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle WebCenter Portal's Security Framework, tracked as CVE-2026-46845, with a CVSS score of 9.8. The vulnerability allows unauthenticated attackers with network access via HTTPS to compromise the system, potentially leading to a complete takeover of Oracle WebCenter Portal. Successful attacks can result in high impacts on confidentiality, integrity, and availability.

Vendor
Oracle Corporation
Product
Oracle WebCenter Portal
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-23
Advisory published
2026-06-17
Advisory updated
2026-06-23

Who should care

Administrators and security teams responsible for Oracle WebCenter Portal installations should prioritize patching this vulnerability to prevent potential system takeovers. They should review the official advisory, assess their exposure, and implement compensating controls if necessary.

Technical summary

The vulnerability is located in the Security Framework component of Oracle WebCenter Portal, affecting versions 12.2.1.4.0 and 14.1.2.0.0. It has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable and allows unauthenticated attackers with network access via HTTPS to compromise the system.

Defensive priority

High

Recommended defensive actions

  • Apply the security patch provided by Oracle Corporation
  • Restrict access to Oracle WebCenter Portal to trusted networks and users
  • Monitor system logs for suspicious activity
  • Consider implementing additional security controls, such as multi-factor authentication
  • Review and update asset inventory to identify potentially affected systems
  • Track exceptions and retest remediated assets
  • Plan for regular security audits and vulnerability assessments

Evidence notes

The CVE record was published on 2026-06-17T10:54:02.020Z and last modified on 2026-06-23T05:17:04.173Z. The NVD entry is currently Analyzed. The vulnerability affects Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0. Evidence is based on the official CVE record and NVD entry. Defenders should verify affected deployments and review vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:02.020Z and has not been modified since then. The NVD entry is currently Analyzed.