Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Published: 2026-06-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote unauthenticated vulnerability exists in Oracle WebCenter Content (component: Content Server) that can be exploited over HTTP. Successful exploitation enables an attacker to read critical data and potentially gain unrestricted access to all data accessible through the WebCenter Content platform, resulting in a severe confidentiality compromise. The weakness arises from improper input validation and authorization controls that allow requests to retrieve protected content without authentication.

Affected Systems

Oracle WebCenter Content version 14.1.2.0.0 is affected. The vulnerability applies to the Oracle Fusion Middleware stack that includes the Content Server component.

Risk and Exploitability

The CVSS 3.1 score of 7.5 indicates a high severity impact with a high confidentiality impact, while the EPSS score of less than 1% signals that exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is via an unauthenticated HTTP request to the WebCenter Content service, taking advantage of improper authorization checks.

Generated by OpenCVE AI on June 17, 2026 at 18:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify and apply any Oracle security patch or update for WebCenter Content 14.1.2.0.0; if a patch is not yet available, upgrade to a newer, supported release once available.
  • Restrict network access to WebCenter Content by configuring firewalls or access control lists to allow only trusted IP ranges, and disable unnecessary HTTP endpoints.
  • Enable logging and monitoring for the Content Server to detect anomalous access patterns, and review logs regularly for signs of unsuccessful exploitation attempts.

Generated by OpenCVE AI on June 17, 2026 at 18:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
First Time appeared Oracle
Oracle webcenter Content
CPEs cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Oracle Webcenter Content
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:54:54.588Z

Reserved: 2026-05-18T15:55:10.298Z

Link: CVE-2026-46791

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T01:15:16Z

Weaknesses

No weakness.