Skip to main content

Oracle WebCenter Content CVE-2026-46783

| EUVDEUVD-2026-37301 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-06-16 oracle
9.8
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Oracle states unauthenticated HTTP exploitation is easy and results in product takeover, justifying AV:N/AC:L/PR:N/UI:N with full C/I/A impact and unchanged scope.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 23:06 vuln.today

DescriptionCVE.org

Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

AnalysisAI

Remote unauthenticated takeover of Oracle WebCenter Content: Imaging (versions 12.2.1.4.0 and 14.1.2.0.0) is possible via HTTP, per Oracle's June 2026 Critical Patch Update. With a CVSS 3.1 base score of 9.8 and AV:N/AC:L/PR:N/UI:N, the flaw in the Core component enables full compromise of confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Imaging HTTP endpoint
Delivery
Send crafted unauthenticated HTTP request
Exploit
Trigger flaw in Core component
Execution
Gain takeover of Imaging service
Impact
Access documents and pivot into Fusion Middleware

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against default configurations of Oracle WebCenter Content: Imaging 12.2.1.4.0 or 14.1.2.0.0, requiring only network reachability to the product's HTTP interface (CVSS AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals point to a high-priority issue: CVSS 3.1 is 9.8 with AV:N/AC:L/PR:N/UI:N (network-reachable, no authentication, no user interaction), and Oracle itself describes the flaw as 'easily exploitable' resulting in 'takeover'. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on any network path that can reach the WebCenter Content: Imaging HTTP listener sends a single crafted HTTP request to a vulnerable endpoint in the Core component, requiring no credentials and no user interaction. The request triggers the flaw and yields full takeover of the Imaging service, allowing the attacker to read or modify scanned documents, pivot into integrated WebCenter Content repositories, and use the compromised host as a foothold into the broader Fusion Middleware estate. …
Remediation Patch available per vendor advisory: apply the fixes shipped in the Oracle Critical Patch Update of June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html) for WebCenter Content: Imaging 12.2.1.4.0 and 14.1.2.0.0; no exact post-patch build number was provided in the supplied data, so confirm the specific bundle patch in Oracle's CPU matrix before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all systems running Oracle WebCenter Content: Imaging versions 12.2.1.4.0 or 14.1.2.0.0; document network exposure and data sensitivity of affected systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-10075 HIGH POC
8.2 Aug 08

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2026-46784 CRITICAL
9.1 Jun 16

Unauthenticated remote compromise of Oracle WebCenter Content: Imaging (component: Core) in Oracle Fusion Middleware ver

CVE-2026-46780 HIGH
8.8 Jun 16

Account takeover in Oracle WebCenter Content: Imaging (Fusion Middleware) allows a low-privileged authenticated attacker

CVE-2017-10360 HIGH
8.2 Oct 19

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2017-10040 HIGH
8.2 Aug 08

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2017-3625 HIGH
8.2 Apr 24

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2018-2828 HIGH
8.2 Apr 19

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2018-2596 HIGH
8.2 Jan 18

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2018-2564 HIGH
8.2 Jan 18

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2024-20928 MEDIUM
6.1 Jan 16

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Rated med

CVE-2023-22126 MEDIUM
5.3 Oct 17

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Rated med

Share

CVE-2026-46783 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy