CVE-2026-46781: Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. in Oracle Corporation Oracle WebCenter Enterprise Capture
CVE-2026-46781 is a critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0. It allows an unauthenticated attacker with network access via RMI to fully compromise the product. The vulnerability has a CVSS 3.1 base score of 10.0, indicating high impact on confidentiality, integrity, and availability. Successful exploitation can lead to complete takeover of Oracle WebCenter Enterprise Capture and may affect additional Oracle products due to scope change. Oracle has published a Critical Security Patch Update advisory recommending prompt patching. No explicit patch or fix version is stated in the advisory content provided, but Oracle strongly urges applying the Critical Security Patch Update without delay. Mitigation may include blocking network protocols required by the attack and removing unnecessary privileges, though these may impact functionality.
AI Analysis
Technical Summary
This vulnerability affects Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 and allows an unauthenticated attacker with network access via RMI to compromise the product. The vulnerability is easily exploitable and can result in complete takeover of the affected product. The CVSS 3.1 score is 10.0 with network attack vector, low attack complexity, no privileges or user interaction required, and impacts confidentiality, integrity, and availability with scope change. Oracle’s Critical Security Patch Update advisory for June 2026 includes this vulnerability among 245 security patches. While the advisory strongly recommends applying the patches promptly, no explicit patch version or remediation level is provided in the input data. Oracle suggests blocking attack-related network protocols and removing unnecessary privileges as potential mitigations until patches are applied.
Potential Impact
Successful exploitation allows an unauthenticated attacker with network access to completely compromise Oracle WebCenter Enterprise Capture, resulting in full takeover of the product. The vulnerability impacts confidentiality, integrity, and availability, and may also affect additional Oracle products due to scope change. This represents a critical risk to affected environments.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to remediate this vulnerability. Until patches are applied, risk may be reduced by blocking network protocols required for the attack and removing unnecessary privileges from users. These mitigations may impact application functionality. Patch status is not explicitly confirmed in the advisory content provided; therefore, check the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest patch availability and installation instructions.
CVE-2026-46781: Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. in Oracle Corporation Oracle WebCenter Enterprise Capture
Description
CVE-2026-46781 is a critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0. It allows an unauthenticated attacker with network access via RMI to fully compromise the product. The vulnerability has a CVSS 3.1 base score of 10.0, indicating high impact on confidentiality, integrity, and availability. Successful exploitation can lead to complete takeover of Oracle WebCenter Enterprise Capture and may affect additional Oracle products due to scope change. Oracle has published a Critical Security Patch Update advisory recommending prompt patching. No explicit patch or fix version is stated in the advisory content provided, but Oracle strongly urges applying the Critical Security Patch Update without delay. Mitigation may include blocking network protocols required by the attack and removing unnecessary privileges, though these may impact functionality.
CVSS v3.1
Score 10.0critical
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 and allows an unauthenticated attacker with network access via RMI to compromise the product. The vulnerability is easily exploitable and can result in complete takeover of the affected product. The CVSS 3.1 score is 10.0 with network attack vector, low attack complexity, no privileges or user interaction required, and impacts confidentiality, integrity, and availability with scope change. Oracle’s Critical Security Patch Update advisory for June 2026 includes this vulnerability among 245 security patches. While the advisory strongly recommends applying the patches promptly, no explicit patch version or remediation level is provided in the input data. Oracle suggests blocking attack-related network protocols and removing unnecessary privileges as potential mitigations until patches are applied.
Potential Impact
Successful exploitation allows an unauthenticated attacker with network access to completely compromise Oracle WebCenter Enterprise Capture, resulting in full takeover of the product. The vulnerability impacts confidentiality, integrity, and availability, and may also affect additional Oracle products due to scope change. This represents a critical risk to affected environments.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to remediate this vulnerability. Until patches are applied, risk may be reduced by blocking network protocols required for the attack and removing unnecessary privileges from users. These mitigations may impact application functionality. Patch status is not explicitly confirmed in the advisory content provided; therefore, check the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest patch availability and installation instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.297Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b60a0b89be68882657fc
Added to database: 6/16/2026, 8:46:02 PM
Last enriched: 6/16/2026, 11:30:38 PM
Last updated: 6/17/2026, 4:58:29 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.