CRITICAL | CVE-2026-46785 | CNA: oracle

CVE-2026-46785: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N).

Metrics

CVSS v3.1: 9.3
Severity: CRITICAL
Fixed in: none listed
Affected Products: 1

HarborGuard Analysis

Synopsis

This is a critical-severity cross-scope injection or request-forgery class vulnerability in the Content Server component of Oracle WebCenter Content (version 14.1.2.0.0), reachable over HTTP with no authentication required. An unauthenticated remote attacker can exploit it by getting a user to interact with a malicious link or page, and the scope change flag means a successful attack can spill over to affect products beyond WebCenter Content itself. Exploitation gives the attacker full read access to all WebCenter Content data and the ability to create, modify, or delete critical content records. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Oracle publishes a fix version.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from Oracle and upstream security feeds within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built images layering Oracle WebCenter Content components.

Status: Available

Triage

HarborGuard is capable of scoring this CVE at its published CVSS 3.1 base score of 9.3 (Critical) and weighting it against each environment's compliance policy to surface it at the appropriate severity tier; routing to the correct team inbox within each customer organization is handled automatically based on image ownership and policy configuration.

Status: Available

Patch

Because no fix version has been published by Oracle, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered without manual intervention as soon as a fix version is confirmed.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Content Server over the network via HTTP; no local or physical access is required.

  • Authentication: Not required

    No account or credential of any kind is needed; the attacker is fully unauthenticated before exploitation begins.

  • Victim interaction: Required

    A person other than the attacker must take an action (such as clicking a crafted link or visiting a malicious page) for the attack to succeed.

  • Attack complexity: Detail

    Attack complexity is Low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental preconditions beyond victim interaction.

Blast Radius

  • Reads all data accessible within Oracle WebCenter Content, including documents, metadata, and stored credentials or session material managed by the Content Server.
  • Creates, modifies, or permanently deletes critical content records and document repositories within the affected WebCenter Content instance.
  • Because the CVSS scope is changed, attacker influence can extend to other products or components that share the same environment or trust boundary as WebCenter Content.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-46785 is active across connected environments, matching any image that ships or extends Oracle WebCenter Content 14.1.2.0.0 components. Because Oracle has not yet published a fix version, no patched rebuild is available upstream; HarborGuard monitors the advisory on every ingest cycle and will surface the rebuild option automatically once Oracle ships a patch. In the interim, customers can apply compensating controls through HarborGuard network policy recommendations: isolating WebCenter Content pods behind an ingress layer that enforces strict referrer and origin validation, applying egress filtering to limit lateral reach consistent with the CVSS scope-change risk, and flagging any image containing this component for heightened review in compliance dashboards. Where compliance policy permits, auto-remediation will trigger a rebuild, regression test run, and PR against affected workloads with no manual steps required as soon as a fix version is confirmed by Oracle.

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N