CVE-2026-46787: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N).
Metrics
- CVSS v3.1: 8.0
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is a network-accessible vulnerability in the Content Server component of Oracle WebCenter Content (version 14.1.2.0.0), part of Oracle Fusion Middleware. An unauthenticated remote attacker can exploit it over HTTP, but exploitation is difficult and requires a victim to interact with attacker-controlled content. Successful exploitation gives the attacker full read and write access to critical data within Oracle WebCenter Content, with a scope change meaning impact can spill into adjacent products or components. No fix version has been published yet; HarborGuard tracks this advisory and will surface a patched-image rebuild the moment Oracle releases one.
HarborGuard Coverage
Detection capability for CVE-2026-46787 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that package Oracle WebCenter Content components. Any image carrying the affected 14.1.2.0.0 artifact is flagged immediately on the next scan cycle.
Available
HarborGuard scores this CVE at 8.0 HIGH using the CVSS v3.1 vector and surfaces it with that severity weighting inside each customer org's compliance policy engine. Triage findings are routed to the appropriate team inbox based on each environment's configured policy, so the right engineers see the alert without manual filtering.
Available
No fix version has been published by Oracle for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle publishes a corrected release. In the interim, HarborGuard surfaces compensating-control recommendations such as network-policy isolation for the Content Server component and egress filtering to reduce exposure.
Pending upstream
Exploit Conditions
- Network reachability: Required
  The attacker must reach the Oracle WebCenter Content HTTP service over the network; no local or physical access is needed, but the service must be network-exposed.
- Authentication: Not required
  No credentials are needed; the attacker can initiate the attack as an unauthenticated user.
- Victim interaction: Required
  A person other than the attacker must interact with attacker-controlled content (for example, clicking a crafted link or visiting a malicious page) for the attack to succeed.
- Attack complexity: Detail
  Exploitation is rated High complexity, meaning the attacker must satisfy specific preconditions or timing constraints beyond basic network access, making reliable exploitation harder to achieve.
Blast Radius
- The attacker reads all data accessible to Oracle WebCenter Content, including documents, metadata, and stored credentials or session material managed by Content Server.
- The attacker creates, modifies, or deletes critical content records and configuration data within Oracle WebCenter Content.
- Because the CVSS scope is changed, impact can extend to other products or components that trust or consume data from the compromised Content Server instance.
- Availability is not directly impacted; the service itself remains up, but the integrity and confidentiality of its data are fully compromised.
How HarborGuard Handles This
Available on HarborGuard: because Oracle has not yet published a fix for CVE-2026-46787, the platform monitors the upstream advisory on every ingest cycle and will automatically trigger a patched-image rebuild for affected environments the moment a corrected release appears. Until then, HarborGuard surfaces compensating-control guidance for environments running Oracle WebCenter Content 14.1.2.0.0: consider applying network policy to restrict inbound HTTP access to Content Server to known, trusted sources; enable egress filtering to limit what downstream systems the server can reach (reducing scope-change impact); and evaluate feature-flag or WAF-level controls that can block or sandbox the interaction patterns this vulnerability relies on. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be initiated automatically once Oracle ships a patch, with no manual trigger required.
- Oracle Corporation / Oracle WebCenter Content 14.1.2.0.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N