Description
Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in Oracle WebCenter Content: Imaging that permits an attacker with low privileges and network access via HTTP to execute arbitrary code and take full control of the system. The issue allows compromise of confidentiality, integrity, and availability, effectively granting an attacker complete control over the affected instance.

Affected Systems

The flaw affects Oracle WebCenter Content: Imaging versions 12.2.1.4.0 and 14.1.2.0.0. These versions are distributed as part of Oracle Fusion Middleware and are commonly deployed in enterprise environments for image handling and management.

Risk and Exploitability

The CVSS base score of 8.8 indicates a high severity vulnerability, with low attack complexity and low privilege requirement. The EPSS score of less than 1% indicates a low probability of exploitation at this time, and the flaw is not listed in the CISA KEV catalog.However, because the exploitation vector is network‑based over HTTP and requires only low privileges, once a suitable attacker gains network access, they can bypass authentication and achieve full system takeover. Potential attack paths include sending specially crafted requests to exposed endpoints that fail to validate authentication before performing privileged operations.

Generated by OpenCVE AI on June 17, 2026 at 18:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle WebCenter Content: Imaging patch released in the October 2026 security alert.
  • Restrict HTTP access to the WebCenter Content: Imaging endpoint to trusted hosts only, effectively isolating it from untrusted networks.
  • Monitor HTTP traffic to the WebCenter Content: Imaging service for anomalous requests and enforce logging to detect exploitation attempts.

Generated by OpenCVE AI on June 17, 2026 at 18:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle webcenter Content Imaging
CPEs cpe:2.3:a:oracle:webcenter_content__imaging:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_content__imaging:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content Imaging
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Webcenter Content Imaging
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:33:21.568Z

Reserved: 2026-05-18T15:55:10.297Z

Link: CVE-2026-46780

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T01:15:16Z

Weaknesses

No weakness.