External risk intelligence

Oracle WebCenter Content Network Access Data Tampering and Disclosure Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.1)

CVE-2026-46777

A vulnerability in Oracle WebCenter Content allows unauthenticated network attackers to compromise the system, potentially leading to unauthorized modification, deletion, or access to critical data. This could impact the confidentiality and integrity of managed content.

Oracle WebCenter Content

12.2.1.4.0, 14.1.2.0.0

Halo Surface Signal

Likely · external exposure

4Halo Surface Signal

Oracle WebCenter Content is an enterprise middleware platform designed to manage documents and digital assets. It is commonly deployed as a web-accessible application to support remote users, content management workflows, and integrated web services, making it a likely candidate for public-facing or edge-network deployment.

Horizon Alert

Summary of the vulnerability and why it matters

A security vulnerability has been identified in Oracle WebCenter Content, an Oracle Fusion Middleware product. If exploited, it could allow an unauthorized attacker to access, modify, or delete critical data within the system. The primary concern is to confirm whether our environment uses this specific Oracle product and whether it is exposed to external access.

  • Unauthenticated attackers can access critical data.
  • Understand if our Oracle WebCenter Content is affected.
  • Confirm product relevance and exposure in our environment.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker could access the Oracle WebCenter Content product over the network and exploit a vulnerability in the Content Server component. This could allow them to gain unauthorized access to or modify critical data within the system.

  • No authentication required for access.
  • Attacker triggers vulnerability via HTTP.
  • Unauthorized data access or modification.

Live Threat

Current exploitation, exposure, and threat context

An unauthenticated attacker with network access could alter or delete critical data, or gain complete access to critical data and to all data accessible through Oracle WebCenter Content. This could occur when the system is accessible via HTTP, potentially impacting the integrity and confidentiality of managed content.

  • Critical content data at risk.
  • Exploitable over the network without authentication.
  • Unauthorized access and modification of content.

Operational Fix

Recommended remediation, mitigation, and detection steps

The Oracle WebCenter Content product is susceptible to a critical vulnerability that could allow unauthenticated attackers to gain unauthorized access and modify or delete critical data. This issue likely impacts application owners and infrastructure teams responsible for managing Oracle Fusion Middleware deployments. The immediate first step should be to identify all instances of the affected Oracle WebCenter Content versions, determine their exposure and business criticality, and then assign ownership for remediation planning.

  • Assign ownership to application or infrastructure teams.
  • Verify network exposure and business criticality.
  • Plan risk-based remediation and vendor coordination.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-46777 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in Oracle WebCenter Content allows unauthenticated attackers to access or modify critical data. The high impact on confidentiality and integrity makes it relevant for PCI scans.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.


Frequently asked questions

What is Oracle WebCenter Content?

It is an enterprise middleware platform that manages documents and digital assets. Organizations use it to streamline content management workflows and provide integrated web services for users. It serves as a central hub for storing and organizing business information across an enterprise.

What kind of vulnerability is CVE-2026-46777?

This vulnerability falls under the Improper Access Control (CWE-284) weakness class. In plain terms, it means the software fails to properly verify who is allowed to view or change data. Because of this flaw, the system may unintentionally permit users who have not logged in to perform actions on critical files or records that should be protected.

How does an attacker trigger this vulnerability?

An attacker triggers this issue by sending malicious requests over HTTP to the Content Server component. The vulnerability does not require the attacker to have valid login credentials to succeed. It is important to note that this flaw specifically relates to network-accessible interaction; actions that do not involve HTTP communication with the application are not part of this trigger path.

Is my instance of Oracle WebCenter Content at risk?

According to Halo Surface Signal, this software is often deployed as a web-accessible application to support remote users, making it a likely candidate for public-facing or edge-network deployment. If your instance is reachable over the network without strictly managed access, it may be exposed to the risks identified in this CVE.

How should I respond to this threat?

Start by locating all active instances of the affected versions, 12.2.1.4.0 and 14.1.2.0.0, within your infrastructure. Once identified, evaluate their business criticality and verify whether they are reachable via the network. Assign ownership to the relevant application or infrastructure teams so they can prioritize remediation and coordinate with Oracle’s security guidance.
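The response steps above, sketched as an added example that is not part of the original advisory: it filters an asset inventory for the two affected versions, ranks the hits by exposure and business criticality, and lists the follow-up actions still open for each. The inventory columns, host names and owners are constructed; only the product name and the affected versions come from this page.

```python
import csv
import io

# Affected versions as listed in this advisory.
AFFECTED_VERSIONS = {"12.2.1.4.0", "14.1.2.0.0"}
PRODUCT = "oracle webcenter content"
CRITICALITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed sample inventory (hypothetical hosts, owners and column names).
SAMPLE_INVENTORY = """\
host,product,version,internet_facing,criticality,owner
wcc-prod-01,Oracle WebCenter Content,12.2.1.4.0,yes,high,
wcc-int-02,Oracle Webcenter Content, 14.1.2.0.0 ,no,medium,middleware-team
wcc-old-03,Oracle WebCenter Content,12.2.1.3.0,yes,low,app-team
wls-prod-04,Oracle WebLogic Server,14.1.2.0.0,yes,high,infra-team
wcc-dr-05,oracle webcenter content,12.2.1.4.0,unknown,high,app-team
"""

def triage(inventory_csv):
    """Return affected instances, most urgent first, with follow-up actions."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Normalise case and whitespace so naming variants still match.
        product = " ".join(row["product"].lower().split())
        version = row["version"].strip()
        if product != PRODUCT or version not in AFFECTED_VERSIONS:
            continue
        exposure = row["internet_facing"].strip().lower()
        actions = []
        if exposure not in ("yes", "no"):
            # Unverified exposure is treated as exposed until someone checks.
            actions.append("verify network exposure")
        if not row["owner"].strip():
            actions.append("assign owner")
        actions.append("plan remediation per Oracle guidance")
        findings.append({
            "host": row["host"],
            "version": version,
            "exposed": exposure != "no",
            "criticality": row["criticality"].strip().lower(),
            "actions": actions,
        })
    # Exposed (or unverified) first, then by business criticality.
    findings.sort(key=lambda f: (not f["exposed"],
                                 CRITICALITY_RANK.get(f["criticality"], 3)))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f["host"], f["version"], f["exposed"], f["criticality"], f["actions"])
```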
