Skip to main content

Oracle WebCenter Portal CVE-2026-46767

| EUVDEUVD-2026-37456 CRITICAL
Improper Access Control (CWE-284)
2026-06-16 oracle
9.9
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

Network-reachable HTTP endpoint (AV:N), Oracle states easily exploitable (AC:L), any authenticated portal user suffices (PR:L), no victim interaction (UI:N), scope change into Fusion Middleware (S:C) with full takeover (C/I/A:H).

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 23:12 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

AnalysisAI

Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authenticated attacker with HTTP network access to compromise the Composer component and, due to a CVSS scope change, impact additional downstream products. The flaw carries a CVSS 3.1 base score of 9.9 and is marked easily exploitable by Oracle, though no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed WebCenter Portal instance
Delivery
Obtain low-privileged portal account
Exploit
Send crafted HTTP request to Composer
Execution
Bypass authorization boundary (scope change)
Persist
Execute actions in Fusion Middleware context
Impact
Full portal takeover and lateral movement

Vulnerability AssessmentAI

Exploitation Attacker needs network reachability to the Oracle WebCenter Portal HTTP(S) endpoint and any low-privileged authenticated session on the portal (PR:L) - typically any standard portal user account, including self-registered ones where open registration is enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals point to a high-priority issue: CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H yields 9.9 - network-reachable, low complexity, only low privileges required, no user interaction, scope-changing with full confidentiality, integrity, and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker obtains or registers a low-privileged account on an internet-exposed Oracle WebCenter Portal (a standard portal user, self-service registrant, or a phished employee credential), then sends a crafted HTTP request to the Composer component that abuses its customization logic to escape the portal's authorization boundary. Because of the CVSS scope change, the resulting code or data-access primitive lands in the surrounding Fusion Middleware/WebLogic context, giving the attacker full takeover of the portal and a foothold into integrated content and identity systems. …
Remediation Apply the patches from the Oracle Critical Patch Update of June 2026 referenced at https://www.oracle.com/security-alerts/cspujun2026.html as the primary remediation; Oracle bundles the WebCenter Portal fixes for 12.2.1.4.0 and 14.1.2.0.0 within that CPU and the exact post-patch build numbers are listed in the advisory's product-specific patch matrix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running Oracle WebCenter Portal 12.2.1.4.0 or 14.1.2.0.0; restrict network access to the Composer component and enforce strict authentication controls limiting session privileges to authorized administrators. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-46767 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy