Skip to main content

Oracle WebCenter Content CVE-2026-46806

| EUVD-2026-37324 HIGH
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-06-16 oracle
Authentication Bypass Oracle Oracle Webcenter Content Open Redirect
8.2
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
vuln.today AI
8.2 HIGH

Network-reachable Content Server, low complexity, no auth (PR:N), victim click required (UI:R), scope change into federated Fusion components, high confidentiality and partial integrity, no availability impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 22:54 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

AnalysisAI

Cross-context compromise of Oracle WebCenter Content 14.1.2.0.0 (Content Server component) allows a remote unauthenticated attacker over HTTPS to gain high-impact read access and limited write access to managed content, with effects that cross trust boundaries into additional Oracle Fusion Middleware products (scope change). Exploitation requires a victim to interact with attacker-controlled input (UI:R), and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed WebCenter Content Server 14.1.2.0.0
Delivery
Craft malicious HTTPS link targeting vulnerable endpoint
Exploit
Deliver link to authenticated WebCenter user
Execution
Victim interaction triggers flaw in Content Server
Persist
Scope change extends action into federated Fusion component
Impact
Exfiltrate or tamper with accessible content
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Target must be Oracle WebCenter Content 14.1.2.0.0 with the Content Server component reachable over HTTPS from the attacker (per AV:N), and a legitimate user - explicitly stated by Oracle as 'a person other than the attacker' - must perform an interaction such as clicking a crafted link or loading a crafted page (UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals diverge and need to be weighed carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker emails or messages a malicious HTTPS link pointing at the target organisation's WebCenter Content Server; when an authenticated WebCenter user opens it, the Content Server endpoint reflects or processes attacker-controlled content in the user's authenticated context, which the scope change lets the attacker pivot into a federated Fusion Middleware component (for example exfiltrating session material or documents the user can reach). No public exploit was identified at time of analysis.
Remediation Apply the fixes from the Oracle Critical Patch Update of June 2026 referenced at https://www.oracle.com/security-alerts/cspujun2026.html - Oracle publishes per-product patch numbers in that bulletin and those are the authoritative versions to deploy on 14.1.2.0.0; no exact post-patch build is independently confirmed outside the CPU. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Inventory all Oracle WebCenter Content 14.1.2.0.0 instances and determine which handle sensitive business data. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-35316 CRITICAL
9.9 Jun 16

Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 (Content Server component) allows a low-privilege
CVE-2026-35321 CRITICAL
9.9 Jun 16

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HT
CVE-2026-35323 CRITICAL
9.9 Jun 16

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacker sending HTTP req
CVE-2026-35286 CRITICAL
9.8 Jun 16

Remote takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated network attackers to fully

CVE-2026-35319 CRITICAL
9.8 Jun 16

Remote unauthenticated takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible via the Content Server

Share

CVE-2026-46806 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy