CRITICAL · CVE-2026-46813 · Published · Modified · CNA: oracle

CVE-2026-46813: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Metrics

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in:
Affected Products: 1

HarborGuard Analysis

Synopsis

An unauthenticated remote code execution (full system takeover) vulnerability affects Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0, specifically the Content Server component. The flaw is reachable over HTTP without any credentials or user interaction, making it trivially exploitable by any attacker who can reach the service on the network. Successful exploitation gives an attacker complete control over the affected instance, covering confidentiality, integrity, and availability. No fix version has been published by Oracle; HarborGuard is actively tracking this advisory for patch availability.

HarborGuard Coverage

Detection

Detection for CVE-2026-46813 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images containing affected versions of Oracle WebCenter Content. Matching runs continuously against both registry snapshots and images in active CI/CD pipelines.

Status: Available

Triage

Triage is available with a CVSS 3.1 score of 9.8 (Critical), automatically weighted against each customer organization's per-environment compliance policy to reflect actual exposure level. Findings are routed to the appropriate team inbox based on configured ownership rules for the affected workload.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available the moment Oracle ships a corrective release. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered automatically at that point.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the Content Server over the network via HTTP; no local access or special positioning is required.

  • Authentication: Not required

    No credentials of any kind are needed; the vulnerable endpoint is exposed to unauthenticated requests.

  • Victim interaction: Not required

    The attack is fully automated and requires no action from any user of the target system.

  • Attack complexity: Detail

    Exploitation is reliable and condition-free; no race conditions, memory-layout guessing, or environmental preconditions are required.

Blast Radius

  • A successful attacker gains full read access to all content managed by the Content Server, including stored documents, metadata, and access credentials cached by the application.
  • An attacker can write, modify, or delete any content or configuration data within the Oracle WebCenter Content instance.
  • The attacker achieves complete process-level control, enabling arbitrary command execution on the underlying host and lateral movement to connected systems.
  • The service can be crashed or rendered unavailable, disrupting any business workflows that depend on the Content Server for document management or publishing.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-46813 is active immediately, with continuous re-scanning of all images containing Oracle WebCenter Content 12.2.1.4.0 or 14.1.2.0.0. Because Oracle has not yet published a fix, no patched-image rebuild is available at this time. HarborGuard re-evaluates the Oracle advisory on every ingest cycle and will initiate the rebuild-and-PR flow the moment a fix version is released; customers with auto-remediation enabled will receive the rebuilt image, a regression test run, and an open PR against affected workloads without manual intervention.

In the interim, compensating controls worth considering include network-policy isolation that restricts HTTP access to the Content Server to known, trusted source CIDRs; egress filtering to limit what the process can reach if compromised; and feature-flag or reverse-proxy gating to disable externally exposed endpoints where business operations permit. Given the 9.8 Critical score and the zero-authentication, over-the-network exploit path, prioritizing network isolation is strongly advised until Oracle publishes a patch.
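One way to check that the source-CIDR restriction described above is actually holding, as an added example that is not HarborGuard or Oracle code: it audits reverse-proxy access logs for requests that reached the Content Server from outside the allowlist. The allowlist, the `/cs/` path and the log lines are constructed, and the log is assumed to be in common log format with the client address as the first field.

```python
import ipaddress
from collections import Counter

# Assumed allowlist: replace with the CIDRs your network policy permits.
TRUSTED_CIDRS = ["10.20.0.0/16", "2001:db8:10::/48"]

# Constructed sample access log (documentation address ranges only).
SAMPLE_LOG = """\
10.20.4.17 - - [12/Jan/2026:09:14:02 +0000] "GET /cs/ HTTP/1.1" 200 5120
203.0.113.45 - - [12/Jan/2026:09:14:09 +0000] "POST /cs/ HTTP/1.1" 200 311
2001:db8:10::5 - - [12/Jan/2026:09:15:30 +0000] "GET /cs/ HTTP/1.1" 200 5120
203.0.113.45 - - [12/Jan/2026:09:15:31 +0000] "POST /cs/ HTTP/1.1" 500 0
198.51.100.7 - - [12/Jan/2026:09:16:00 +0000] "GET /cs/ HTTP/1.1" 403 0
not-an-ip - - [12/Jan/2026:09:16:05 +0000] "GET /cs/ HTTP/1.1" 400 0
"""

def audit_sources(log_text, trusted_cidrs):
    """Return ({source_ip: hits} for sources outside the allowlist,
    [line numbers whose client field is not an IP address])."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    outside = Counter()
    unparsed = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        field = line.split(maxsplit=1)[0]
        try:
            addr = ipaddress.ip_address(field)
        except ValueError:
            # Keep track of these rather than dropping them silently.
            unparsed.append(lineno)
            continue
        # Compare IPv4-mapped IPv6 (::ffff:a.b.c.d) as its IPv4 address.
        mapped = getattr(addr, "ipv4_mapped", None)
        if mapped is not None:
            addr = mapped
        if not any(addr.version == n.version and addr in n for n in nets):
            outside[str(addr)] += 1
    return dict(outside), unparsed

if __name__ == "__main__":
    outside, unparsed = audit_sources(SAMPLE_LOG, TRUSTED_CIDRS)
    for ip, hits in sorted(outside.items(), key=lambda kv: -kv[1]):
        print(f"outside allowlist: {ip} ({hits} requests)")
    print("unparsed lines:", unparsed)
```

Any address reported here means the isolation rule is missing, bypassed, or the proxy is logging a forwarded address instead of the real peer; each case needs investigation while no fix version exists.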

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H