What is the CVSS score of CVE-2026-46789?

CVE-2026-46789 has a CVSS 3.1 base score of 9.6 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Oracle WebCenter Content are affected by CVE-2026-46789?

Oracle WebCenter Content 14.1.2.0.0 deployments face critical risk from an unauthenticated remote vulnerability (CVE-2026-46789, CVSS 9.6) with no patch available-any attacker on the network can…

How to fix or mitigate CVE-2026-46789?

24 hours: Inventory all systems running Oracle WebCenter Content 14.1.2.0.0 and assess data criticality; immediately restrict network access to Content Server to trusted internal networks only. 7 days: Contact Oracle Support to confirm patch timeline and ETA; evaluate network segmentation and Web Application Firewall deployment for HTTP traffic filtering. 30 days: Implement persistent network isolation, enable detailed Content Server logging and monitoring, and establish upgrade plan for patched version upon vendor release.

Oracle WebCenter Content CVE-2026-46789

EUVD-2026-37307 CRITICAL

Missing Authentication for Critical Function (CWE-306)

2026-06-16 oracle

Oracle Oracle Webcenter Content Authentication Bypass

9.6

CVSS 3.1 · Vendor: oracle

Severity by source

Vendor (oracle) PRIMARY

9.6 CRITICAL

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

vuln.today AI

9.6 CRITICAL

Network HTTP reach with no attacker auth (AV:N/PR:N), low complexity, but victim interaction required (UI:R); scope changes to other products with full CIA loss per Oracle's takeover description.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 16, 2026 - 23:02 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

AnalysisAI

Remote takeover of Oracle WebCenter Content 14.1.2.0.0 (Content Server component) is achievable by unauthenticated network attackers who can lure a victim into triggering a crafted HTTP interaction, with scope change extending impact to additional products. Oracle's June 2026 Critical Patch Update advisory (cspujun2026) assigns CVSS 9.6 reflecting full confidentiality, integrity, and availability loss, and no public exploit identified at time of analysis.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify exposed WebCenter Content 14.1.2.0.0 instance

Delivery

Craft malicious HTTP payload/link

Exploit

Deliver to privileged user via phishing

Execution

Victim renders content in authenticated session

Persist

Scope-changed exploit executes across products

Impact

Take over Content Server and pivot

Access

Identify exposed WebCenter Content 14.1.2.0.0 instance

Delivery

Craft malicious HTTP payload/link

Exploit

Deliver to privileged user via phishing

Execution

Victim renders content in authenticated session

Persist

Scope-changed exploit executes across products

Impact

Take over Content Server and pivot

Vulnerability AssessmentAI

Exploitation	Exploitation requires (1) network HTTP/HTTPS reachability to an Oracle WebCenter Content 14.1.2.0.0 Content Server instance, and (2) human interaction from a victim other than the attacker - per the description and UI:R in the CVSS vector - meaning a legitimate user (typically an authenticated WebCenter operator or admin) must click a link, open a crafted document, or render attacker-supplied content in their browser session. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	All signals point to a high-priority issue: CVSS 9.6 with AV:N/AC:L/PR:N reflects an internet-reachable, low-complexity, unauthenticated attack, while S:C with C:H/I:H/A:H confirms total compromise that spills into adjacent products - significant for tightly integrated Fusion Middleware deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker emails a WebCenter Content administrator a link or document preview URL that, when opened in the admin's authenticated browser, triggers a crafted HTTP interaction against Content Server; the scope-changing flaw then leverages the admin's session to perform privileged actions across the integrated Fusion Middleware stack, resulting in takeover of WebCenter Content and lateral impact on connected products. No public exploit identified at time of analysis, so this scenario is inferred from the CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C) rather than observed tradecraft.
Remediation	Apply the patch available per vendor advisory in the Oracle Critical Patch Update June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html) to Oracle WebCenter Content 14.1.2.0.0; Oracle's CPU bundles do not always expose a discrete fix-version string in the entry, so administrators should map their installation to the CPU's WebCenter Content patch ID and stage it in a non-production environment first because Fusion Middleware CPUs frequently require coordinated OPatch runs and WebLogic restarts. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all systems running Oracle WebCenter Content 14.1.2.0.0 and assess data criticality; immediately restrict network access to Content Server to trusted internal networks only. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-35316 CRITICAL Act Now

9.9 Jun 16

Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 (Content Server component) allows a low-privilege

CVE-2026-35321 CRITICAL Act Now

9.9 Jun 16

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HT

CVE-2026-35323 CRITICAL Act Now

9.9 Jun 16

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacker sending HTTP req

CVE-2026-35286 CRITICAL Act Now

9.8 Jun 16

Remote takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated network attackers to fully

CVE-2026-35319 CRITICAL Act Now

9.8 Jun 16

Remote unauthenticated takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible via the Content Server

CVE-2026-46789 vulnerability details – vuln.today

Back

Oracle WebCenter Content CVE-2026-46789

Severity by source

CVSS VectorVendor: oracle

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code