CVE-2026-46780

Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cspujun2026.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:::::::*

History

18 Jun 2026, 22:33

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-17 10:53

Updated : 2026-06-18 22:33

NVD link : CVE-2026-46780

Mitre link : CVE-2026-46780

CVE.ORG link : CVE-2026-46780

JSON object : View

Products Affected

oracle

webcenter_content

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2026-46780", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-46780", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-06-17T14:44:14.406501Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "affected": [{"source": "secalert_us@oracle.com", "affectedData": [{"vendor": "Oracle Corporation", "product": "WebCenter Content: Imaging", "versions": [{"status": "affected", "version": "12.2.1.4.0", "versionType": "semver"}, {"status": "affected", "version": "14.1.2.0.0", "versionType": "semver"}]}]}], "published": "2026-06-17T10:53:55.570", "references": [{"url": "https://www.oracle.com/security-alerts/cspujun2026.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}], "lastModified": "2026-06-18T22:33:56.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC6BB89E-DCA0-4453-A043-1987EB657451"}, {"criteria": "cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B05C4A06-4CB2-4755-8B15-5B00BD24610F"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}