CVE-2026-46847: Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Runtime Tools)
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Runtime Tools). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Metrics
- CVSS v3.1: 9.9
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A critical-severity vulnerability in Oracle WebCenter Portal (Runtime Tools component) allows a low-privileged attacker to reach the service over HTTPS and fully compromise the portal. The CVSS 3.1 scope is marked as Changed, meaning a successful attack can spill beyond WebCenter Portal itself and affect adjacent systems or services in the same environment. Exploitation grants the attacker complete control over confidentiality, integrity, and availability, which Oracle describes as a full product takeover. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Oracle publishes a fix version.
HarborGuard Coverage
Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream Oracle and NVD feeds within minutes of publication and matched against all customer images, including custom-built images that layer Oracle WebCenter Portal components. Any image carrying an affected version (12.2.1.4.0 or 14.1.2.0.0) of the Runtime Tools component is flagged immediately.
Status: Available
HarborGuard can score this finding at CVSS 9.9 Critical and apply per-environment compliance policy weighting to adjust urgency based on each organization's risk posture. Routed alerts are directed to the appropriate team inbox within each customer organization so the right engineers see the finding without manual triage overhead.
Status: Available
No fix version has been published by Oracle as of this writing. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle ships a corrected release. For customers with auto-remediation enabled, the rebuilt image will trigger a regression run and open a PR against affected workloads without requiring manual intervention.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The attacker must reach the WebCenter Portal service over the network via HTTPS; no local or physical access is required.
- Authentication: Required
  Any low-privilege account is sufficient; the attacker does not need administrator or elevated credentials.
- Victim interaction: Not required
  No user action or social engineering is needed; the attacker can exploit the vulnerability entirely on their own.
- Attack complexity: Detail
  Attack complexity is Low, meaning the exploit is reliable and does not depend on race conditions, special memory layouts, or other unpredictable environmental factors.
Blast Radius
- A successful attacker reads all data stored in and accessible through Oracle WebCenter Portal, including user credentials, session tokens, and portal content.
- The attacker can modify or delete persisted portal data, configuration, and content managed by the Runtime Tools component.
- The attacker can crash or render the WebCenter Portal service unavailable, disrupting access for all portal users.
- Because the CVSS scope is Changed, the compromise can extend to other products or services sharing the same infrastructure, amplifying the impact beyond WebCenter Portal itself.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-46847 is active across all customer environments, flagging images built on Oracle WebCenter Portal 12.2.1.4.0 or 14.1.2.0.0. Because Oracle has not yet published a fix version, no patched-image rebuild is available at this time. HarborGuard monitors the Oracle and NVD advisory feeds on every ingest cycle and will surface a patched rebuild automatically when Oracle ships a corrected release.
In the meantime, compensating controls worth evaluating include:
- network-policy rules that restrict HTTPS access to WebCenter Portal to known, trusted source CIDRs only;
- egress filtering to limit what lateral movement an attacker could achieve if the scope-change vector is exercised;
- where operationally feasible, disabling or isolating the Runtime Tools component via feature flag or deployment configuration until a patch is available.
For customers with auto-remediation enabled, the patched rebuild, regression run, and PR against affected workloads will be initiated automatically once a fix version is published. Median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments that permit auto-remediation.
- Oracle Corporation / Oracle WebCenter Portal: 12.2.1.4.0 · 14.1.2.0.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H