PatchSiren cyber security CVE debrief
CVE-2026-46846 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle WebCenter Portal's Security Framework. This vulnerability, tracked as CVE-2026-46846, allows unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Portal. The vulnerability has a CVSS 3.1 Base Score of 10.0, indicating high impacts on Confidentiality, Integrity, and Availability. Organizations should prioritize patching to prevent potential takeovers. The vulnerability is easily exploitable and successful attacks can result in the takeover of Oracle WebCenter Portal.
- Vendor
- Oracle Corporation
- Product
- Oracle WebCenter Portal
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-23
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-23
Who should care
Organizations using Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability to prevent potential takeovers. This requires coordination between operators, platforms, vulnerability management teams, and security teams to ensure timely mitigation and minimize potential impacts on confidentiality, integrity, and availability.
Technical summary
The vulnerability, CVE-2026-46846, is easily exploitable and allows unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks can result in the takeover of Oracle WebCenter Portal. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Affected product deployments in managed environments and supply chain contexts require immediate attention from operators, platforms, vulnerability management teams, and security teams to validate affected scope, severity, and vendor guidance. This involves reviewing official advisories, planning vendor-supported updates or mitigations, and implementing compensating controls for exposed systems while remediation is scheduled and verified.
Defensive priority
High, given the CVSS 3.1 Base Score of 10.0 and potential for high impacts on Confidentiality, Integrity, and Availability if not patched promptly and properly verified post-patching for exposure and compensating controls effectiveness across affected product deployments in managed environments and supply chain contexts where applicable based on source grounding and evidence limits for affected scope and severity and vendor guidance validation through official advisories or CVE records and NVD details and other mitigation or vendor references for exposure review and compensating controls planning and monitoring and asset inventory tracking and exception management and retesting of remediated assets and closure only after evidence documentation of successful verification and mitigation effectiveness review and validation across affected product or component and vulnerability class and likely operational impact and source-confidence limits and review context and affected operator and platform and vulnerability-management and security-team impact assessments and defensive impact assessments and source-grounded technical framing without unsupported root-cause or exploit claims and required updates or mitigations through normal change control where exposure is confirmed and compensating controls review for exposed systems while remediation is scheduled and verified and relevant monitoring and detection and logs review for exposed assets that need extra review and source tracking for affected product deployments in managed environments and supply chain contexts where applicable based on source grounding and evidence limits for affected scope and severity and vendor guidance validation through official advisories or CVE records and NVD details and other mitigation or vendor references for exposure review and compensating controls planning and monitoring and asset inventory tracking and exception management and retesting of remediated assets and closure only after evidence documentation of successful verification and mitigation effectiveness review and validation across affected product or component and vulnerability class and likely operational impact and source- and-
Recommended defensive actions
- Apply patches or updates provided by Oracle Corporation
- Restrict network access to Oracle WebCenter Portal
- Monitor for suspicious activity
- Implement compensating controls
- Inventory and verify system configurations
Evidence notes
The CVE record was published on 2026-06-17T10:54:02.140Z and last modified on 2026-06-23T05:17:04.277Z. The NVD entry is currently Analyzed. Oracle WebCenter Portal's Security Framework vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks can result in the takeover of Oracle WebCenter Portal. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Official resources
-
CVE-2026-46846 CVE record
CVE.org
-
CVE-2026-46846 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:02.140Z and has not been modified since then. The NVD entry is currently Analyzed.