Threat Intelligence Database

CVE-2026-46801 is a critical vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. It allows an unauthenticated attacker with network access via HTTP to fully compromise the product, potentially resulting in complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities. Customers are strongly advised to apply the patches promptly to mitigate risk.

CVE-2026-46800 is a critical vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTP to fully compromise the product. Successful exploitation can lead to complete takeover of Oracle WebCenter Sites and may impact additional Oracle products. The vulnerability has a CVSS 3.1 base score of 10.0, indicating high confidentiality, integrity, and availability impacts. Oracle has acknowledged the issue in its June 2026 Critical Security Patch Update advisory and strongly recommends applying patches promptly. Workarounds such as blocking network protocols or removing unnecessary privileges may reduce risk but could affect functionality. Patch availability is indicated in the advisory, but explicit patch details for this CVE are not directly stated in the provided content.

CVE-2026-46799 is a critical vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. It allows an unauthenticated attacker with network access via HTTP to fully compromise the product, potentially resulting in complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has acknowledged the issue in their June 2026 Critical Security Patch Update advisory and strongly recommends applying the provided patches promptly. Workarounds include blocking required network protocols or removing unnecessary privileges, though these may affect functionality. No known exploits in the wild have been reported at this time.

CVE-2026-46798 is a critical vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. It allows an unauthenticated attacker with network access via HTTP to fully compromise the product, potentially leading to complete takeover. The vulnerability impacts confidentiality, integrity, and availability, with a CVSS 3.1 base score of 10.0. Oracle has acknowledged the severity and recommends applying security patches promptly. The vulnerability may also affect additional Oracle products due to scope change. No specific patch version is stated in the advisory, but Oracle strongly urges applying the June 2026 Critical Security Patch Update to mitigate this and other vulnerabilities.

CVE-2026-46797 is a critical vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. It allows an unauthenticated attacker with network access via HTTP to fully compromise the product, potentially resulting in complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply the provided patches promptly to mitigate the risk. Workarounds such as blocking network protocols or restricting privileges may reduce risk temporarily but can impact functionality.

CVE-2026-46796 is a high-severity vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. It allows a low privileged attacker with network access via HTTP to compromise the product, requiring user interaction from a person other than the attacker. Successful exploitation can lead to full takeover of Oracle WebCenter Sites. The vulnerability has a CVSS 3.1 base score of 8.0, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated patch availability for these versions in the provided content. Oracle strongly recommends applying Critical Security Patch Update patches promptly to mitigate this and other vulnerabilities.

CVE-2026-35318 is a high-severity vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. It allows a low privileged attacker with network access via HTTP to compromise the product, potentially leading to full takeover. The vulnerability impacts confidentiality, integrity, and availability. Oracle has included this fix in its June 2026 Critical Security Patch Update. Customers are strongly advised to apply the patch promptly to mitigate the risk.

CVE-2026-35296 is a critical vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. It allows an unauthenticated attacker with network access via HTTP to fully compromise the product, potentially resulting in complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update (CSPU) in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply the patches promptly to mitigate risk. Until patched, risk reduction may be possible by blocking required network protocols or restricting privileges, though these may impact functionality.

CVE-2026-35295 is a high-severity vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. It allows a low privileged attacker with network access via HTTP to potentially compromise the system, leading to full takeover of Oracle WebCenter Sites. The vulnerability has a CVSS 3.1 base score of 7.5, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update, which contains numerous security fixes across multiple products. Oracle strongly recommends applying the patch promptly to mitigate the risk. Until patched, risk reduction may be possible by blocking required network protocols or restricting privileges, though these measures may impact functionality.

A critical vulnerability (CVE-2026-35293) affects Oracle WebCenter Sites version 14.1.2.0.0. This vulnerability allows an unauthenticated attacker with network access via HTTP to fully compromise the product, potentially leading to complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update in June 2026 addressing this and other vulnerabilities. Customers are strongly advised to apply the provided patches promptly to mitigate the risk.