CRITICAL | CVE-2026-46795 | CNA: oracle

CVE-2026-46795: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N).

Metrics

  • CVSS v3.1: 9.3
  • Severity: CRITICAL
  • Fixed in: none published
  • Affected Products: 1


HarborGuard Analysis

Synopsis

This is a critical-severity cross-scope injection or content-tampering vulnerability in the Content Server component of Oracle WebCenter Content (version 14.1.2.0.0), part of Oracle Fusion Middleware. An unauthenticated attacker with network access to the Content Server over HTTP can exploit it by tricking a user into interacting with a malicious link or page; the attacker needs no credentials. Successful exploitation gives the attacker full read access to all WebCenter Content data and the ability to create, modify, or delete critical content, with impact that can extend beyond the directly targeted product instance. No fix version has been published yet; HarborGuard tracks this advisory and will surface patch availability the moment Oracle ships a corrected release.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream Oracle and NVD feeds within minutes of publication and matched against customer images, including custom-built images that bundle Oracle WebCenter Content 14.1.2.0.0. Any image carrying an affected version is flagged automatically in the pipeline without manual intervention.

Status: Available

Triage

HarborGuard scores this CVE at CVSS 9.3 (Critical) and weights it against each environment's configured compliance policy to determine urgency and routing. Triage findings are delivered to the appropriate team inbox within each customer organization based on workload ownership rules they have defined.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available the moment Oracle releases a corrected package. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered automatically as soon as a fix becomes available.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Content Server over the network via HTTP; there is no requirement for local or physical access.

  • Authentication: Not required

    No credentials of any kind are needed; the attacker can initiate the attack as a completely anonymous network user.

  • Victim interaction: Required

    A person other than the attacker must perform some interaction (such as clicking a crafted link or visiting a malicious page) for the exploit to succeed.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and requires no special preconditions, race conditions, or environmental setup beyond reaching the service.

Blast Radius

  • Reads all data accessible within Oracle WebCenter Content, including documents, records, and stored credentials or tokens managed by the content repository.
  • Creates, modifies, or deletes critical content objects within the repository, enabling persistent data corruption or destruction of records.
  • Because the CVSS scope is changed, impact can propagate to other products or components that rely on or trust data served by the WebCenter Content instance.

How HarborGuard Handles This

Available on HarborGuard: images containing Oracle WebCenter Content 14.1.2.0.0 are matched against this CVE within minutes of advisory ingestion, and the finding is routed to the appropriate team based on each organization's compliance policy. Because Oracle has not yet published a fix, HarborGuard monitors the upstream advisory on every ingest cycle and will make a patched-image rebuild available immediately upon Oracle releasing a corrected version. For customers with auto-remediation enabled, that rebuild will trigger a regression test run and open a PR against affected workloads without manual steps. In the interim, compensating controls worth evaluating include network-policy rules that restrict HTTP access to the Content Server to known trusted clients only, egress filtering to limit lateral movement in the event of a scope-change exploit, and feature-flag gating of any public-facing WebCenter Content endpoints where the business permits it.

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N