CVE-2026-46788: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).
Metrics
- CVSS v3.1: 8.4
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A high-severity vulnerability affects the Content Server component of Oracle WebCenter Content (version 14.1.2.0.0), part of Oracle Fusion Middleware. The flaw is reachable over the network via HTTP and requires an attacker to hold an administrative or high-privileged account, plus a separate user to interact with a crafted request or resource. Successful exploitation results in full takeover of Oracle WebCenter Content, including complete read, write, and availability impact that extends beyond the directly affected product due to a scope change. No fix version has been published yet; HarborGuard is tracking the advisory and will surface a patched-image rebuild the moment Oracle releases one.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries, CI/CD pipelines, and custom-built images derived from Oracle Fusion Middleware base layers. Any image carrying the affected Oracle WebCenter Content 14.1.2.0.0 artifact is flagged automatically.
Status: Available
HarborGuard is capable of scoring this CVE at its CVSS 3.1 base score of 8.4 (HIGH) and weighting that score against each customer environment's compliance policy to determine urgency and routing. Triage findings are surfaced to the appropriate team inbox within each customer organization based on policy configuration.
Status: Available
Because no upstream fix version exists for CVE-2026-46788 at this time, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available immediately when Oracle publishes a corrected release. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be triggered automatically at that point.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The attacker must reach the Oracle WebCenter Content Server over the network via HTTP; no local or physical access is required.
- Authentication: Required
  A high-privileged (administrative) account on the target system is needed before the attack can proceed.
- Victim interaction: Required
  A separate, non-attacker user must interact with attacker-supplied content (for example, by visiting a crafted URL or opening a malicious resource) for the attack to succeed.
- Attack complexity: Detail
  Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layout, or other variable environmental factors.
Blast Radius
- A successful attacker reads all content, documents, and metadata stored in Oracle WebCenter Content, including any confidential records managed by the Content Server.
- The attacker can modify or delete persisted content items, repository metadata, and configuration data within the Content Server.
- The Content Server process can be crashed or made unavailable, disrupting document management and publishing workflows that depend on it.
- Because the CVSS scope is changed, the impact can extend to other products or services sharing the same host or integration layer beyond the directly targeted Oracle WebCenter Content instance.
How HarborGuard Handles This
Available on HarborGuard: because Oracle has not yet published a fix for CVE-2026-46788, the platform monitors the Oracle advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment a corrected version is released. In the interim, customers can apply compensating controls through HarborGuard network policy features, such as isolating WebCenter Content containers with restrictive ingress rules that limit HTTP access to known, trusted source IPs, and enforcing egress filtering to reduce lateral-movement exposure from a compromised Content Server. Where compliance policy permits, auto-remediation customers will receive a rebuilt image, a regression-test run, and a PR opened against affected workloads within minutes of an upstream patch becoming available. Given the CVSS 8.4 HIGH score and the scope-change characteristic of this CVE, prioritizing network isolation of affected images is strongly advised until Oracle ships a fix.
- Oracle Corporation / Oracle WebCenter Content 14.1.2.0.0
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H