CRITICAL | CVE-2026-46789 | CNA: oracle

CVE-2026-46789: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Metrics

CVSS v3.1: 9.6
Severity: CRITICAL
Fixed in: none published
Affected Products: 1

HarborGuard Analysis

Synopsis

A critical unauthenticated remote vulnerability affects Oracle WebCenter Content version 14.1.2.0.0 (Content Server component). The attack is reachable over HTTP with no credentials required, but it does need a victim user to interact, such as clicking a crafted link. Successful exploitation gives an attacker full takeover of the Content Server instance, with cascading impact on adjacent products due to a scope change in the CVSS rating. No patch has been published by Oracle; HarborGuard is tracking the advisory and will make a patched-image rebuild available the moment upstream ships a fix.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from Oracle and NVD advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that package Oracle WebCenter Content. Images running version 14.1.2.0.0 of the Content Server component are flagged automatically.

Status: Available

Triage

HarborGuard scores this CVE at CVSS 9.6 Critical and is capable of weighting that score against each environment's compliance policy to determine breach of policy thresholds. Triage tickets are routable to the appropriate team inbox within each customer organization based on configured ownership rules for Oracle Fusion Middleware workloads.

Status: Available

Patch

No fix version has been published by Oracle at this time. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be triggered without manual intervention as soon as a fix version becomes available.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Content Server over the network via HTTP; no prior foothold on the host is needed.

  • Authentication: Not required

    No credentials of any kind are needed; the vulnerability is exposed to unauthenticated HTTP requests.

  • Victim interaction: Required

    A user other than the attacker must perform an action, such as following a crafted HTTP link, for the attack to succeed.

  • Attack complexity: Detail

    Attack complexity is Low, meaning the exploit is reliable and requires no special race conditions, environment tuning, or timing.

Blast Radius

  • Reads all documents, metadata, and access-controlled content stored in the WebCenter Content repository.
  • Modifies or deletes persisted content records, workflows, and configuration data within Content Server.
  • Crashes or fully disrupts the Content Server service, making managed content unavailable to all dependent users and applications.
  • Compromises additional products connected to the WebCenter Content instance due to a CVSS scope change, extending the attacker's reach beyond the directly affected component.

How HarborGuard Handles This

Available on HarborGuard: continuous advisory monitoring is active for CVE-2026-46789 because Oracle has not yet published a fix for WebCenter Content 14.1.2.0.0. On every ingest cycle, HarborGuard re-checks the upstream Oracle and NVD feeds for a patch release. The moment a fix version is published, a patched-image rebuild becomes available, and for customers with auto-remediation enabled, HarborGuard opens a PR against affected workloads with the rebuilt image attached and regression tests run. In the interim, HarborGuard recommends applying network-policy controls to restrict inbound HTTP access to Content Server endpoints to trusted source ranges only, and using egress filtering to limit lateral movement if a compromise occurs. Customers can also use feature-flag or WAF rule gating in front of the Content Server HTTP interface as a compensating control while awaiting the Oracle patch.

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H