CVE-2026-46786
Undergoing Analysis Undergoing Analysis - In Progress
Remote Code Execution in Oracle WebCenter Content

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Oracle

Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-46786
EUVD
EUVD-2026-37304
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle webcenter_content 14.1.2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows an unauthenticated attacker to compromise Oracle WebCenter Content, potentially leading to a takeover of the system with high impacts on confidentiality, integrity, and availability.

Such a compromise could result in unauthorized access to sensitive data, which may affect compliance with data protection regulations and standards such as GDPR and HIPAA that require safeguarding confidentiality and integrity of personal and health information.

However, specific details on compliance impact or mitigation measures related to these standards are not provided.

Executive Summary

This vulnerability exists in the Oracle WebCenter Content product of Oracle Fusion Middleware, specifically in version 14.1.2.0.0. It is an easily exploitable flaw that allows an unauthenticated attacker with network access via HTTP to compromise the system. The attack requires human interaction from someone other than the attacker. The vulnerability can lead to a takeover of the Oracle WebCenter Content system and may also impact additional related products.

Impact Analysis

Successful exploitation of this vulnerability can result in a complete takeover of the Oracle WebCenter Content system. This means an attacker could gain full control, leading to severe impacts on confidentiality, integrity, and availability of the system and its data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46786. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart