HIGH | CVE-2026-46806 | Published | Modified | CNA: oracle

CVE-2026-46806: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

Metrics

CVSS v3.1: 8.2
Severity: HIGH
Fixed in:
Affected Products: 1


HarborGuard Analysis

Synopsis

This is a cross-site scripting or similar client-side injection vulnerability (scope-changing, unauthenticated) in Oracle WebCenter Content version 14.1.2.0.0, specifically in the Content Server component. It is reachable over the network via HTTPS without any authentication but requires a victim to interact with attacker-controlled content. It carries a changed scope, meaning successful exploitation affects resources beyond the vulnerable component itself. A successful attack gives the attacker read access to all data accessible to Oracle WebCenter Content and limited write access (insert, update, delete) to some of that data. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Oracle publishes a fix.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream Oracle and NVD feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Oracle WebCenter Content 14.1.2.0.0.

Status: Available

Triage

HarborGuard surfaces this issue with its CVSS 3.1 score of 8.2 (HIGH) and applies each customer organization's compliance policy weighting to determine urgency, then routes the finding to the appropriate team inbox within that org.

Status: Available

Patch

No fix version has been published by Oracle at this time. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be initiated without manual intervention.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Content Server over the network via HTTPS; no local or physical access is required.

  • Authentication: Not required

    No account or credentials are needed; the attacker can engage the vulnerable endpoint as a completely anonymous user.

  • Victim interaction: Required

    A person other than the attacker must interact with attacker-supplied content (for example, visiting a crafted link or page) for the attack to succeed.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or environmental configuration.

Blast Radius

  • The attacker reads all data accessible to the Oracle WebCenter Content instance, including documents, metadata, and stored content that may contain sensitive business or personal information.
  • The attacker performs unauthorized insert, update, or delete operations against a subset of Oracle WebCenter Content data, allowing tampering with stored records or documents.
  • Because the CVSS scope is changed, the impact can extend beyond Oracle WebCenter Content itself to other products or services that share the same session context or trust boundary.

How HarborGuard Handles This

Available on HarborGuard: this CVE is matched against all customer images containing Oracle WebCenter Content 14.1.2.0.0 as soon as it is ingested, with no manual configuration required. Because Oracle has not yet published a fix, the recommended near-term mitigations are network-policy isolation (restrict HTTPS access to the Content Server to known, trusted IP ranges), egress filtering to limit what an injected script can reach, and disabling or gating any Content Server features that accept and render user-supplied URLs or markup. HarborGuard monitors the Oracle advisory on every ingest cycle; when Oracle ships a patched release, a rebuilt image at that version becomes available automatically. For customers with auto-remediation enabled, HarborGuard will initiate a rebuild, run regression tests, and open a PR against affected workloads without manual intervention.

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N