CRITICAL · CVE-2026-46779 · CNA: oracle

CVE-2026-46779: Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle)

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3 to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 9.9
  • Severity: CRITICAL
  • Fixed in: (no version listed)
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A remote code execution vulnerability affects Oracle WebCenter Enterprise Capture (Client Bundle component), versions 12.2.1.4.0 and 14.1.2.0.0. An attacker with a low-privilege account and network access over the T3 protocol can exploit this flaw with no victim interaction required, and the scope change means neighboring services beyond WebCenter itself are also at risk. Successful exploitation results in full takeover of the Oracle WebCenter Enterprise Capture instance, giving the attacker read, write, and denial-of-service capability across the affected system and potentially adjacent products. HarborGuard is tracking the Oracle advisory and will make a patched-image rebuild available the moment Oracle publishes a fix version.

HarborGuard Coverage

Detection

Detection for CVE-2026-46779 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Oracle WebCenter Enterprise Capture 12.2.1.4.0 or 14.1.2.0.0. Any image in a connected registry or CI pipeline carrying an affected version is flagged automatically.

Status: Available

Triage

HarborGuard can score this CVE at its published CVSS 3.1 base score of 9.9 (Critical) and weight it against each environment's compliance policy to determine urgency and routing. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Status: Available

Patch

Because no fix version has been published by Oracle for this CVE, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. In the interim, customers can apply compensating controls through HarborGuard's network-policy recommendations, such as restricting T3 port access at the container network layer.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the service over the network via the T3 protocol; internet or internal network exposure is sufficient.

  • Authentication: Required

    Any low-privilege account is sufficient; no administrative credentials are needed.

  • Victim interaction: Not required

    No victim action is needed; the attacker can trigger the vulnerability entirely on their own.

  • Attack complexity (detail)

    The exploit is reliable and condition-free, requiring no race conditions or specific environmental state beyond network access and a valid low-privilege credential.

Blast Radius

  • Reads all data accessible to the WebCenter Enterprise Capture service, including captured documents, metadata, and stored credentials.
  • Modifies or deletes persisted capture data and application configuration.
  • Crashes or degrades the WebCenter Enterprise Capture service, disrupting document ingestion workflows.
  • Pivots to additional products in the same environment due to the CVSS scope change, potentially compromising services that trust the WebCenter instance.

How HarborGuard Handles This

Available on HarborGuard: detection for this Critical-severity CVE (CVSS 9.9) is active across all connected environments, flagging images that include Oracle WebCenter Enterprise Capture 12.2.1.4.0 or 14.1.2.0.0. Because Oracle has not yet published a fix version, HarborGuard monitors the upstream advisory on every ingest cycle and will make a patched-image rebuild available automatically once a fix is released. For customers who opt into auto-remediation, that rebuild triggers a regression test run and a PR opened against affected workloads with no manual steps required. In the meantime, HarborGuard can surface network-policy recommendations to help isolate T3 port exposure at the container network layer, reducing the reachable attack surface while the upstream patch is pending.

Affected packages
  • Oracle Corporation / Oracle WebCenter Enterprise Capture
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H