CVE-2026-46806: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter
CVE-2026-46806 is a high-severity vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTPS to compromise the product. Exploitation requires user interaction by a person other than the attacker and can lead to unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. The vulnerability also allows unauthorized modification (update, insert, delete) of some accessible data. The vulnerability has a CVSS 3.1 base score of 8.2, reflecting high confidentiality impact and limited integrity impact. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated patch availability or a direct fix for this specific CVE in the advisory content provided. Oracle strongly recommends applying the June 2026 Critical Security Patch Update to mitigate this and other vulnerabilities.
AI Analysis
Technical Summary
CVE-2026-46806 affects Oracle WebCenter Content version 14.1.2.0.0 and is an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTPS to compromise the product. Successful exploitation requires user interaction from a third party and can result in unauthorized access to critical data or full access to all data accessible by Oracle WebCenter Content. The vulnerability also permits unauthorized update, insert, or delete operations on some data. The vulnerability impacts confidentiality and integrity, with a CVSS 3.1 score of 8.2 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). The scope of impact may extend beyond Oracle WebCenter Content to additional Oracle products. Oracle’s June 2026 Critical Security Patch Update advisory references this vulnerability among many others and strongly urges customers to apply the update promptly. However, the advisory does not explicitly confirm a dedicated patch or fix for CVE-2026-46806 alone.
Potential Impact
Successful exploitation of CVE-2026-46806 can lead to unauthorized access to critical and sensitive data within Oracle WebCenter Content, including potentially complete access to all accessible data. It also allows unauthorized modification of some data, impacting data integrity. The vulnerability requires network access via HTTPS and user interaction by a third party, increasing the attack complexity but still posing a significant risk given the high confidentiality impact. The vulnerability’s scope change indicates potential impact on additional Oracle products beyond WebCenter Content.
Mitigation Recommendations
Oracle’s June 2026 Critical Security Patch Update advisory strongly recommends applying the update promptly to address this and other vulnerabilities. Although the advisory does not explicitly confirm a dedicated patch for CVE-2026-46806, applying the June 2026 Critical Security Patch Update is the recommended remediation. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation and removing unnecessary privileges or access to vulnerable components, though these measures may affect application functionality. Customers should monitor Oracle’s advisory page for updated patch information and apply patches without delay.
CVE-2026-46806: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter
Description
CVE-2026-46806 is a high-severity vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTPS to compromise the product. Exploitation requires user interaction by a person other than the attacker and can lead to unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. The vulnerability also allows unauthorized modification (update, insert, delete) of some accessible data. The vulnerability has a CVSS 3.1 base score of 8.2, reflecting high confidentiality impact and limited integrity impact. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated patch availability or a direct fix for this specific CVE in the advisory content provided. Oracle strongly recommends applying the June 2026 Critical Security Patch Update to mitigate this and other vulnerabilities.
CVSS v3.1
Score 8.2high
Affected software
pkg:maven/com.oracle.webcenter/contentRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46806 affects Oracle WebCenter Content version 14.1.2.0.0 and is an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTPS to compromise the product. Successful exploitation requires user interaction from a third party and can result in unauthorized access to critical data or full access to all data accessible by Oracle WebCenter Content. The vulnerability also permits unauthorized update, insert, or delete operations on some data. The vulnerability impacts confidentiality and integrity, with a CVSS 3.1 score of 8.2 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). The scope of impact may extend beyond Oracle WebCenter Content to additional Oracle products. Oracle’s June 2026 Critical Security Patch Update advisory references this vulnerability among many others and strongly urges customers to apply the update promptly. However, the advisory does not explicitly confirm a dedicated patch or fix for CVE-2026-46806 alone.
Potential Impact
Successful exploitation of CVE-2026-46806 can lead to unauthorized access to critical and sensitive data within Oracle WebCenter Content, including potentially complete access to all accessible data. It also allows unauthorized modification of some data, impacting data integrity. The vulnerability requires network access via HTTPS and user interaction by a third party, increasing the attack complexity but still posing a significant risk given the high confidentiality impact. The vulnerability’s scope change indicates potential impact on additional Oracle products beyond WebCenter Content.
Mitigation Recommendations
Oracle’s June 2026 Critical Security Patch Update advisory strongly recommends applying the update promptly to address this and other vulnerabilities. Although the advisory does not explicitly confirm a dedicated patch for CVE-2026-46806, applying the June 2026 Critical Security Patch Update is the recommended remediation. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation and removing unnecessary privileges or access to vulnerable components, though these measures may affect application functionality. Customers should monitor Oracle’s advisory page for updated patch information and apply patches without delay.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.300Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b6130b89be6888265994
Added to database: 6/16/2026, 8:46:11 PM
Last enriched: 6/16/2026, 11:15:33 PM
Last updated: 6/17/2026, 5:10:33 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.