CRITICAL · CVE-2026-46801 · CNA: oracle

CVE-2026-46801: Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites)

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 9.8
  • Severity: CRITICAL
  • Fixed in: no fix version published
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A critical unauthenticated remote compromise vulnerability affects Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0, a web content management component of Oracle Fusion Middleware. The vulnerability is reachable over the network via HTTP with no credentials required and no user interaction needed, making it trivially exploitable from any network-adjacent or internet-facing position. Successful exploitation results in full takeover of the Oracle WebCenter Sites instance, including complete loss of confidentiality, integrity, and availability. No fix version has been published by Oracle; HarborGuard is tracking the advisory and will surface a patched-image rebuild the moment upstream releases one.

HarborGuard Coverage

Detection (Available)

Detection is available across every HarborGuard environment: CVE-2026-46801 is ingested from Oracle and upstream security feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Oracle WebCenter Sites 12.2.1.4.0 or 14.1.2.0.0. Any image in a connected registry or CI pipeline carrying an affected version is flagged automatically without requiring manual intervention.
Triage (Available)

HarborGuard scores this CVE at 9.8 CRITICAL per CVSS v3.1 and surfaces it at the top of the severity queue in each customer environment. Per-environment compliance policy weighting is applied automatically, and findings are routed to the team inbox or ticketing integration configured for that organization.
Patch (Pending upstream)

Because no upstream fix version has been published, HarborGuard re-evaluates the Oracle advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle ships a remediated release. In the interim, customers can apply compensating controls directly from the HarborGuard policy console, including network-policy isolation rules and egress filtering recommendations targeted at the affected component.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Oracle WebCenter Sites service over the network via HTTP; no local or physical access is required, meaning any internet-exposed or internally routable instance is in scope.

  • Authentication: Not required

    No credentials or account of any privilege level are needed; the attacker can begin exploitation as an anonymous, unauthenticated party.

  • Victim interaction: Not required

    Exploitation is entirely attacker-driven and requires no action from any user or administrator of the affected system.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental preconditions to succeed.

Blast Radius

  • A successful attacker reads all data accessible to the WebCenter Sites application, including stored content, credentials, session tokens, and any secrets held in the application context.
  • The attacker can write or modify persisted content, configuration, and database records managed by WebCenter Sites, enabling content defacement, data manipulation, or backdoor injection.
  • The attacker can crash or render the WebCenter Sites service completely unavailable, disrupting publishing workflows and any front-end sites that depend on the platform.
  • Takeover of the WebCenter Sites instance gives the attacker a foothold from which to pivot to other internal services reachable from the WebCenter Sites host.

How HarborGuard Handles This

Available on HarborGuard: this CVE is matched continuously against every image in connected registries and build pipelines, with findings surfaced immediately at CRITICAL severity. Because Oracle has not yet published a fix for versions 12.2.1.4.0 or 14.1.2.0.0, no patched-image rebuild is available yet; however, HarborGuard re-checks the Oracle advisory on every ingest cycle and will trigger the rebuild-and-PR flow automatically the moment a fix is released upstream. For customers who opt into auto-remediation, that flow delivers a rebuilt image, a regression-test run, and a pull request opened against affected workloads, with a median time from CVE publication to merged patch PR of around 90 minutes for critical-severity issues once an upstream fix exists. In the meantime, customers can use the HarborGuard policy console to apply compensating controls: network-policy rules that restrict inbound HTTP access to WebCenter Sites to known-safe source ranges, egress filtering to limit lateral movement from a compromised instance, and runtime admission policies that block promotion of affected image versions to production namespaces.

Affected packages
  • Oracle Corporation / Oracle WebCenter Sites
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H