CVE-2026-46790 is a vulnerability in Oracle WebCenter Content 14.1.2.0.0 that permits an unauthenticated attacker with network access via HTTP to read a subset of accessible data without authorization. The vulnerability is easily exploitable and affects confidentiality only, with no impact on integrity or availability. Oracle has published this vulnerability as part of its June 2026 Critical Security Patch Update advisory, which includes numerous patches across Oracle products. However, the advisory does not explicitly confirm a dedicated patch or remediation level for this specific vulnerability in version 14.1.2.0.0. Oracle emphasizes the importance of applying Critical Security Patch Updates promptly to mitigate such risks. Workarounds may include blocking network protocols required for exploitation or restricting privileges, but these may affect application functionality.

Successful exploitation of CVE-2026-46790 allows an unauthenticated attacker with network access via HTTP to gain unauthorized read access to some data within Oracle WebCenter Content 14.1.2.0.0. The impact is limited to confidentiality loss; there is no impact on integrity or availability. There are no known exploits in the wild reported at this time.

Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to address this and other vulnerabilities. The vendor advisory does not explicitly confirm a dedicated patch for CVE-2026-46790 in version 14.1.2.0.0, so customers should consult the official Oracle advisory and patch documentation for the latest remediation guidance. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation or by removing unnecessary privileges from users, though these measures may impact application functionality.