Skip to main content

Oracle WebCenter Content EUVDEUVD-2026-37301

| CVE-2026-46783 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-06-16 oracle
9.8
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Oracle states unauthenticated HTTP exploitation is easy and results in product takeover, justifying AV:N/AC:L/PR:N/UI:N with full C/I/A impact and unchanged scope.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 23:06 vuln.today

DescriptionCVE.org

Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

AnalysisAI

Remote unauthenticated takeover of Oracle WebCenter Content: Imaging (versions 12.2.1.4.0 and 14.1.2.0.0) is possible via HTTP, per Oracle's June 2026 Critical Patch Update. With a CVSS 3.1 base score of 9.8 and AV:N/AC:L/PR:N/UI:N, the flaw in the Core component enables full compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Technical ContextAI

Oracle WebCenter Content: Imaging is the document imaging and capture module within Oracle Fusion Middleware's WebCenter Content suite, used for enterprise document management, invoice processing, and records workflows. The CPE 'cpe:2.3:a:oracle_corporation:webcenter_content:_imaging' confirms the Imaging-specific component within the broader WebCenter Content product is in scope, specifically its Core subsystem reachable over HTTP. No CWE has been assigned by Oracle, but the combination of network vector, low complexity, no privileges, and a full triad impact is characteristic of unauthenticated request-handling flaws such as deserialization, authentication bypass, or injection in the application's HTTP-facing endpoints - common patterns in prior Oracle Fusion Middleware advisories.

RemediationAI

Patch available per vendor advisory: apply the fixes shipped in the Oracle Critical Patch Update of June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html) for WebCenter Content: Imaging 12.2.1.4.0 and 14.1.2.0.0; no exact post-patch build number was provided in the supplied data, so confirm the specific bundle patch in Oracle's CPU matrix before deploying. As compensating controls until the CPU is applied, restrict network access to the WebCenter Content: Imaging HTTP and managed-server ports so that only trusted application tiers and administrative jump hosts can reach them - accepting that legitimate document submission/imaging integrations from end users or partners will break until reopened - and place the service behind a reverse proxy or WAF that enforces authentication at the edge, acknowledging this does not address the root cause and may be bypassed if backend ports remain exposed. Increase HTTP access logging on the Imaging managed servers and monitor for anomalous requests to Imaging endpoints to detect attempted exploitation.

CVE-2017-10075 HIGH POC
8.2 Aug 08

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2026-46784 CRITICAL
9.1 Jun 16

Unauthenticated remote compromise of Oracle WebCenter Content: Imaging (component: Core) in Oracle Fusion Middleware ver

CVE-2026-46780 HIGH
8.8 Jun 16

Account takeover in Oracle WebCenter Content: Imaging (Fusion Middleware) allows a low-privileged authenticated attacker

CVE-2017-10360 HIGH
8.2 Oct 19

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2017-10040 HIGH
8.2 Aug 08

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2017-3625 HIGH
8.2 Apr 24

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2018-2828 HIGH
8.2 Apr 19

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2018-2596 HIGH
8.2 Jan 18

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2018-2564 HIGH
8.2 Jan 18

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rate

CVE-2024-20928 MEDIUM
6.1 Jan 16

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Rated med

CVE-2023-22126 MEDIUM
5.3 Oct 17

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Rated med

Share

EUVD-2026-37301 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy