CVE-2026-46791: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
An unauthenticated information-disclosure vulnerability exists in the Content Server component of Oracle WebCenter Content (version 14.1.2.0.0), part of Oracle Fusion Middleware. The flaw is reachable over the network via HTTP and requires no credentials or user interaction to exploit. Successful exploitation gives an attacker full read access to all data the Content Server can access, including potentially sensitive documents and records. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as Oracle publishes a fix version.
HarborGuard Coverage
Detection capability for CVE-2026-46791 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Oracle WebCenter Content 14.1.2.0.0.
Status: Available
HarborGuard scores this CVE at 7.5 HIGH (CVSS v3.1) and surfaces it in each customer's triage queue, weighted against that environment's compliance policy; routing rules direct the alert to the appropriate team inbox within the customer organization.
Status: Available
Because no fix version has been published by Oracle, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. Customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads without manual intervention.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The attacker must reach the Content Server over the network via HTTP; no local or physical access is required.
- Authentication: Not required
  No credentials are needed; an unauthenticated attacker can trigger the vulnerability directly.
- Victim interaction: Not required
  The attack is fully server-side and succeeds without any action from a user or administrator.
- Attack complexity: Detail
  Exploit complexity is low, meaning the attack is reliable and requires no special conditions, race timing, or environmental factors to succeed.
Blast Radius
- Reads any document, record, or file stored in or accessible by the Oracle WebCenter Content repository.
- Reads user account data, metadata, and access-control configurations exposed through the Content Server.
- Enables an attacker to map the full corpus of managed content, which can serve as a stepping stone for targeted follow-on attacks using harvested data.
How HarborGuard Handles This
Available on HarborGuard: because Oracle has not yet published a fix for this CVE, HarborGuard monitors the upstream advisory on every ingest cycle and will surface a patched-image rebuild the moment a fix version is released. In the interim, compensating controls are worth considering: network-policy rules that restrict HTTP access to the Content Server to known, trusted source CIDRs; egress filtering to limit what data the service can reach if it is already exposed; and review of any public-facing ingress routes that terminate at WebCenter Content. For customers with auto-remediation enabled, once a fix is published the pipeline will automatically rebuild the image, run regression tests, and open a PR against affected workloads. Customers without auto-remediation will receive the rebuild as an available option to apply on their own schedule.
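One way to express the interim network-policy and egress controls described above, assuming the Content Server runs as pods in a Kubernetes cluster. This is an added example, not HarborGuard or Oracle configuration; the namespace, labels, ports and CIDRs are placeholders to replace with your own values.

```yaml
# Added example. Every name, label, port and CIDR here is a placeholder
# (assumption), not a value taken from the advisory.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: content-server-restrict      # hypothetical policy name
  namespace: webcenter               # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: webcenter-content         # hypothetical label on the Content Server pods
  policyTypes:
    - Ingress                        # anything not allowed below is dropped
    - Egress
  ingress:
    # HTTP to the Content Server only from known, trusted source CIDRs.
    - from:
        - ipBlock:
            cidr: 192.0.2.0/24       # constructed: trusted application tier
        - ipBlock:
            cidr: 198.51.100.0/24    # constructed: administrator network
      ports:
        - protocol: TCP
          port: 16200                # assumption: set to your Content Server HTTP port
  egress:
    # Cluster DNS, so the service can still resolve its backends.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # The repository database only; no other outbound destinations.
    - to:
        - ipBlock:
            cidr: 203.0.113.10/32    # constructed: database host
      ports:
        - protocol: TCP
          port: 1521                 # assumption: database listener port
```

An `ipBlock` rule matches the source address the pod actually sees, so if requests arrive through an ingress controller or load balancer that rewrites the client IP, the allowlist has to be enforced at that layer as well. The policy takes effect only on clusters whose network plugin enforces NetworkPolicy.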
- Oracle Corporation / Oracle WebCenter Content 14.1.2.0.0