CRITICAL · CVE-2026-46803 · CNA: oracle

CVE-2026-46803: Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework)

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Metrics

CVSS v3.1: 10.0
Severity: CRITICAL
Fixed in: none published
Affected Products: 1

HarborGuard Analysis

Synopsis

A critical authentication bypass (or equivalent unauthenticated takeover) vulnerability exists in the Security Framework component of Oracle WebCenter Portal, affecting versions 12.2.1.4.0 and 14.1.2.0.0. The flaw is reachable over the network via HTTP and requires no credentials or user interaction to exploit. Successful exploitation gives an attacker full takeover of the portal, with spillover impact extending to additional products in the same environment. No fix version has been published yet; HarborGuard is tracking the advisory and will make a patched-image rebuild available as soon as Oracle ships a patch.

HarborGuard Coverage

Detection

Detection for CVE-2026-46803 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that package Oracle WebCenter Portal. Any image carrying an affected version (12.2.1.4.0 or 14.1.2.0.0) of the Security Framework component is flagged automatically.

Status: Available

Triage

HarborGuard surfaces this CVE with its CVSS 3.1 score of 10.0 (Critical) and applies per-environment compliance policy weighting to calculate priority, then routes the finding to the appropriate team inbox within each customer organization. Given the Critical severity and scope-change flag in the CVSS vector, it is eligible for the highest-priority triage queue under most default policy configurations.

Status: Available

Patch

Because no fix version has been published by Oracle, no patched-image rebuild is available at this time. HarborGuard re-checks the advisory on every ingest cycle and will make a rebuilt image available automatically the moment Oracle publishes a fix, with auto-remediation customers receiving a regression-test run and a PR opened against affected workloads.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Oracle WebCenter Portal service over the network via HTTP; no local or physical access is needed.

  • Authentication: Not required

    No credentials of any privilege level are required; the attacker can exploit this as a completely unauthenticated party.

  • Victim interaction: Not required

    No user or administrator action (such as clicking a link or opening a file) is needed to trigger the vulnerability.

  • Attack complexity (detail)

    Attack complexity is Low (AC:L): in CVSS terms, exploitation does not depend on specialized access conditions or extenuating circumstances, and an attacker can expect repeatable success.

Blast Radius

  • A successful attacker achieves full takeover of Oracle WebCenter Portal, gaining the ability to read all portal content and stored credentials, including session tokens and user account data.
  • The attacker can modify or delete any persisted data within the portal, including pages, user configurations, and security policies.
  • The attacker can crash or render the portal service fully unavailable, disrupting all dependent business workflows.
  • Because the CVSS vector carries a scope change (S:C), the impact may extend beyond the portal to additional co-located Fusion Middleware products.

How HarborGuard Handles This

Available on HarborGuard: detection for this CVE is active across all environments scanning images that include Oracle WebCenter Portal 12.2.1.4.0 or 14.1.2.0.0. Because Oracle has not yet published a fix, no automated rebuild or patch PR is available at this time. HarborGuard re-evaluates the advisory on every ingest cycle; when Oracle publishes a patch, a rebuilt image will become available immediately, and customers with auto-remediation enabled will receive a rebuild, a regression-test run, and a PR opened against affected workloads. In the interim, consider compensating controls such as network-policy rules that restrict inbound HTTP access to the portal to known-safe source ranges, egress filtering to limit lateral movement in the event of compromise, and temporary disabling of non-essential portal features that increase the exposed attack surface. Where compliance policy requires, manually escalate affected image findings to the infrastructure team for tracking against Oracle's patch release.

Affected packages
  • Oracle Corporation / Oracle WebCenter Portal
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H