CRITICAL · CVE-2026-46781 · CNA: oracle

CVE-2026-46781: Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle)

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 10.0
  • Severity: CRITICAL
  • Fixed in: (none listed)
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A remote code execution vulnerability exists in the Client Bundle component of Oracle WebCenter Enterprise Capture, part of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. The flaw is reachable over the network via RMI (Remote Method Invocation, a Java inter-process communication protocol), with no authentication and no user interaction required. Successful exploitation gives an attacker full takeover of the affected installation, including complete read, write, and availability control. The CVSS scope change indicates that a successful attack can spill beyond the compromised process, so neighboring services or containers are also at risk. HarborGuard is tracking this advisory for patch availability and will make a patched-image rebuild available the moment Oracle publishes a fix.

HarborGuard Coverage

Detection

Detection for CVE-2026-46781 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images derived from Oracle Fusion Middleware base layers.

Status: Available

Triage

Triage is available with a CVSS 3.1 score of 10.0 (Critical), and HarborGuard applies each customer organization's compliance policy weighting to prioritize routing, ensuring findings land in the right team inbox based on workload ownership and policy thresholds.

Status: Available

Patch

No fix versions have been published by Oracle for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released; for customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will follow without manual intervention.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Oracle WebCenter Enterprise Capture RMI service over the network; any host with TCP connectivity to the exposed port is in scope.

  • Authentication: Not required

    No credentials or session token of any kind are needed; the vulnerable RMI endpoint accepts unauthenticated requests.

  • Victim interaction: Not required

    The attack is fully server-side and requires no action from any user or operator of the affected system.

  • Attack complexity: Detail

    Attack complexity is Low, meaning the exploit is reliable and repeatable without needing to satisfy race conditions, guess memory layouts, or meet any special environmental prerequisites.

Blast Radius

  • The attacker gains full read access to all data processed or stored by Oracle WebCenter Enterprise Capture, including captured documents, metadata, and stored credentials.
  • The attacker can write or modify any data within the application, including altering captured content, injecting malicious records, or overwriting configuration.
  • The attacker can crash or indefinitely disable the Oracle WebCenter Enterprise Capture service, halting document capture workflows.
  • Because the CVSS scope is changed, the attacker can pivot from the compromised Capture process into adjacent services or containers sharing the same host or network segment, extending control beyond the initial target.

How HarborGuard Handles This

Available on HarborGuard: detection for this Critical-severity CVE (CVSS 10.0) is active and matches against all images in connected registries and pipelines, including custom images built on Oracle Fusion Middleware layers. Because Oracle has not yet published a fix for versions 12.2.1.4.0 or 14.1.2.0.0, HarborGuard monitors the advisory on every ingest cycle and will trigger an automatic patched-image rebuild the moment an upstream fix is released. For customers with auto-remediation enabled, that rebuild will be followed immediately by a regression-test run and a PR opened against affected workloads. In the meantime, compensating controls worth evaluating include network-policy rules that restrict inbound access to the RMI port to known-good source ranges, egress filtering to limit lateral movement in the event of a scope-change exploit, and feature-flag or deployment gating to disable the Client Bundle component where capture workflows can tolerate downtime.

Affected packages
  • Oracle Corporation / Oracle WebCenter Enterprise Capture
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H