Skip to main content

Oracle WebCenter Capture CVE-2026-46781

| EUVDEUVD-2026-37299 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-06-16 oracle
10.0
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
10.0 CRITICAL

Oracle describes unauthenticated, network-reachable RMI exploitation with full CIA takeover and impact on adjacent products, justifying AV:N/AC:L/PR:N/UI:N with scope change and high CIA.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 23:07 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

AnalysisAI

Remote unauthenticated takeover of Oracle WebCenter Enterprise Capture 12.2.1.4.0 and 14.1.2.0.0 is possible via the RMI-based Client Bundle component, with a maximum CVSS 3.1 score of 10.0 due to a scope change that impacts additional products. Oracle's June 2026 CPU advisory is the authoritative source, and no public exploit identified at time of analysis, though the AV:N/AC:L/PR:N/UI:N profile makes weaponization plausible once technical details emerge.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Capture RMI listener
Delivery
Send crafted RMI invocation to Client Bundle
Exploit
Trigger unauthenticated server-side flaw
Execution
Gain code execution in WebLogic context
Persist
Pivot across scope boundary to adjacent Fusion Middleware
Impact
Take over Capture and linked services

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the Oracle WebCenter Enterprise Capture server's RMI listener (Client Bundle component) on a host running version 12.2.1.4.0 or 14.1.2.0.0; no authentication, no user interaction, and no special configuration toggles are called out by Oracle, so default deployments that expose RMI to reachable network segments are vulnerable. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals point to top-tier priority: CVSS 3.1 base is 10.0 with AV:N/AC:L/PR:N/UI:N and a scope change, meaning a network-reachable, unauthenticated attacker with low complexity can fully compromise confidentiality, integrity, and availability and reach beyond the vulnerable product. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reachability to the Capture server's RMI port crafts a malicious RMI invocation against the Client Bundle endpoint, triggering the underlying flaw without any credentials or user interaction. Because the scope changes, the resulting code execution or service takeover extends beyond Capture into adjacent Fusion Middleware components sharing the same WebLogic domain, enabling lateral movement to content repositories and integration accounts. …
Remediation Apply the patch available per vendor advisory in the Oracle June 2026 Critical Patch Update at https://www.oracle.com/security-alerts/cspujun2026.html, which is the primary fix for both 12.2.1.4.0 and 14.1.2.0.0; exact post-patch build identifiers should be taken directly from that advisory since the input does not include a discrete fix version string. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all systems running Oracle WebCenter Enterprise Capture 12.2.1.4.0 or 14.1.2.0.0; restrict network access to the RMI Client Bundle component from untrusted sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-46781 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy