External risk intelligence

Oracle WebCenter Sites Takeover Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 10.0)

CVE-2026-46798

A critical vulnerability in Oracle WebCenter Sites allows unauthenticated attackers with network access via HTTP to compromise the application, potentially leading to a complete takeover and impacting additional products. This issue, with a CVSS score of 10.0, affects confidentiality, integrity, and availability.

Weakness: Missing Authentication (CWE-306)

Affected product: Oracle WebCenter Sites

Affected versions: 12.2.1.4.0, 14.1.2.0.0

Halo Surface Signal

Likely · external exposure


Oracle WebCenter Sites is a web-based content management system typically deployed as a public-facing or externally reachable web application to serve content to users, making it commonly accessible via HTTP from the internet.

Horizon Alert

Summary of the vulnerability and why it matters

This advisory details a critical vulnerability found in Oracle WebCenter Sites, a product used for managing web content. The issue, which can be exploited remotely by unauthenticated attackers over HTTP, could allow for a complete takeover of the WebCenter Sites application and potentially impact other connected products.

  • Unauthenticated attackers can compromise content management systems.
  • It affects widely accessible web content platforms.
  • Confirm which of your instances are affected and how far a takeover could reach.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker with network access can exploit a vulnerability in Oracle WebCenter Sites. This allows them to compromise the application and potentially gain control over it, impacting additional products as well.

  • No authentication needed.
  • Attackers access via HTTP.
  • Takeover of the application.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in Oracle WebCenter Sites could allow an unauthenticated attacker with network access to completely take over the system. The advisory notes that the impact may extend beyond WebCenter Sites to other products that depend on or connect to it; this is consistent with the score, since under CVSS v3.x a base score of 10.0 is only reachable with a scope change. Confidentiality, integrity, and availability are all rated high.

  • Target: WebCenter Sites content, configuration, and the system it runs on.
  • Vector: unauthenticated HTTP requests from any network that can reach the instance.
  • Impact: complete takeover, potentially extending to connected products.

Operational Fix

Recommended remediation, mitigation, and detection steps

Oracle WebCenter Sites is typically an external-facing component, so ownership usually sits with the application and infrastructure teams, with security and network teams providing oversight. Start by inventorying every instance, recording its version and patch level, confirming whether it is reachable from the internet, and identifying the accountable owner, so that remediation can be prioritized by confirmed exposure. Remediation itself is the vendor fix: apply the patch from the Oracle Critical Patch Update to every affected instance, external or not, since an internal attacker or a pivot from another compromised host has the same unauthenticated access. Where patching must wait, limit HTTP access to the instance, and to its administrative entry points in particular, to trusted networks. For detection, remember that a missing-authentication flaw leaves no failed-login trail; review web-server and reverse-proxy access logs for unexpected requests to administrative or management paths from unfamiliar sources.

  • Application and infrastructure teams own remediation; security and network teams oversee it.
  • Verify version, patch level, reachability, and criticality first.
  • Apply the vendor patch; restrict network exposure until it is applied.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-46798 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in Oracle WebCenter Sites allows unauthenticated attackers to take over the system. It is exploitable over the network and has a high impact on confidentiality, integrity, and availability.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Oracle WebCenter Sites?

Oracle WebCenter Sites is a web-based content management system. Organizations use it to create, manage, and deliver dynamic content across websites and digital channels. It acts as a central platform for handling web experiences and is designed to integrate with various enterprise middleware components to serve data to end users.

What does CWE-306 mean for CVE-2026-46798?

The vulnerability is classified as CWE-306, which refers to a Missing Authentication for Critical Function. In the context of this CVE, it means the application performs sensitive operations or provides access to restricted data without verifying the identity of the person making the request. An attacker can essentially bypass the security gatekeeper that should prevent unauthorized users from interacting with the core system.
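To make CWE-306 concrete, here is an added example, not code from Oracle WebCenter Sites or from this advisory, and not a description of the real flaw. The tiny router, the endpoint names, the session store and the handlers are all made up for the illustration. The vulnerable dispatcher checks authentication only on routes that someone remembered to flag, so a sensitive route added without the flag is reachable anonymously; the hardened dispatcher denies by default and only an explicit allow-list of public paths skips the check.

```python
"""CWE-306 illustration: opt-in authentication versus deny-by-default.

Added example. Routes, handlers and the token store are constructed; they
do not describe Oracle WebCenter Sites or the vulnerability on this page.
"""
from dataclasses import dataclass, field

# Constructed session store: bearer token -> user. Anything else is anonymous.
VALID_SESSIONS = {"tok-abc123": "editor"}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str


def authenticated_user(req: Request):
    """Return the user for a valid bearer token, or None if unauthenticated."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return VALID_SESSIONS.get(auth[len("Bearer "):].strip())


# Handlers. The admin ones perform critical functions and must never run
# for an anonymous caller.
def public_page(req):
    return Response(200, "welcome")


def publish_site(req):
    return Response(200, "site published")


def reset_admin_password(req):
    return Response(200, "admin password reset")


# --- Vulnerable pattern: authentication is opt-in per route. ---------------
# The second admin route was registered without the "protected" flag, so the
# dispatcher runs it for anyone who can reach it over HTTP.
VULN_ROUTES = {
    "/": (public_page, False),
    "/admin/publish": (publish_site, True),
    "/admin/reset-password": (reset_admin_password, False),  # flag forgotten
}


def dispatch_vulnerable(req: Request) -> Response:
    entry = VULN_ROUTES.get(req.path)
    if entry is None:
        return Response(404, "not found")
    handler, protected = entry
    if protected and authenticated_user(req) is None:
        return Response(401, "authentication required")
    return handler(req)


# --- Hardened pattern: deny by default. ------------------------------------
# Only paths on the explicit public allow-list skip the check; a newly added
# route is protected unless someone deliberately makes it public.
PUBLIC_PATHS = {"/"}
HARDENED_ROUTES = {
    "/": public_page,
    "/admin/publish": publish_site,
    "/admin/reset-password": reset_admin_password,
}


def dispatch_hardened(req: Request) -> Response:
    handler = HARDENED_ROUTES.get(req.path)
    if handler is None:
        return Response(404, "not found")
    if req.path not in PUBLIC_PATHS and authenticated_user(req) is None:
        return Response(401, "authentication required")
    return handler(req)


if __name__ == "__main__":
    anon = Request("/admin/reset-password")
    print("vulnerable:", dispatch_vulnerable(anon))   # 200, runs the reset
    print("hardened:  ", dispatch_hardened(anon))     # 401, blocked
```

The point of the contrast is where the check lives: in the vulnerable version it is a property of each route, so the security of the whole application depends on nobody ever forgetting it; in the hardened version the dispatcher enforces it before any handler runs, and public access is the exception that must be declared.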

How is this vulnerability triggered?

An attacker triggers this flaw by sending crafted HTTP requests to an affected WebCenter Sites instance. The weakness is that a network-reachable entry point accepts requests that should require a login. Actions performed by legitimate, authenticated users within the normal interface are not the source of this risk; the missing authentication check at the entry point is what allows the unauthorized takeover.

Is my instance at risk according to Halo Surface Signal?

Halo Surface Signal indicates this vulnerability is highly relevant if your WebCenter Sites deployment is reachable via the internet. Because this product is typically used as a public-facing web platform, it is commonly accessible over HTTP from external networks. If your instance is exposed to the internet, it is more likely to be reachable by an attacker attempting to exploit this missing authentication flaw.

What should I do first to address this CVE?

Begin by creating a comprehensive inventory of all Oracle WebCenter Sites instances within your environment, including each instance's version and patch level. Once identified, determine which instances are network-accessible and verify their business criticality. This allows your infrastructure and application teams to focus on securing the most exposed or vital systems first. Coordinate with your security team to track these assets and apply the updates provided by the vendor; where an instance cannot be patched promptly, restrict HTTP access to it in the meantime.
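The inventory-then-prioritize procedure described in the Operational Fix section and in this answer is easy to get wrong in one respect: a version string alone does not tell you whether the vendor patch is applied, because a patched instance usually still reports the same release number. The following is an added example, not part of this advisory or of any Halo tooling, that ranks a constructed inventory by remediation urgency. The affected-release list is copied from this page's affected-versions line and must be checked against the vendor advisory; the inventory rows and the `cpu_patch_applied` field are assumptions made for the illustration. Instances whose version or patch status is unknown are treated as affected rather than safe.

```python
"""Rank WebCenter Sites instances for remediation by exposure and status.

Added example. AFFECTED_RELEASES is taken from this page's affected-versions
line (verify against the vendor advisory); INVENTORY is constructed data.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Releases this page lists as affected. Assumption: a release string alone
# does not prove patch status, so it is combined with a patch-level check.
AFFECTED_RELEASES = {"12.2.1.4.0", "14.1.2.0.0"}


@dataclass
class Instance:
    host: str
    version: Optional[str]             # None when the inventory has no data
    cpu_patch_applied: Optional[bool]  # None when nobody has checked yet
    internet_reachable: bool
    criticality: str                   # "high" | "medium" | "low"


# Unknown status ranks just below confirmed-affected, never as safe.
# "not_listed" covers releases outside the page's list; treat them as
# "needs its own assessment", not as patched.
STATUS_WEIGHT = {"affected": 3, "unknown": 2, "not_listed": 1, "patched": 0}
CRITICALITY_WEIGHT = {"high": 2, "medium": 1, "low": 0}


def normalize_version(v: Optional[str]) -> Optional[Tuple[int, ...]]:
    """Turn '12.2.1.4.0' into (12, 2, 1, 4, 0); None for missing/garbled input."""
    if not v:
        return None
    try:
        return tuple(int(part) for part in v.strip().split("."))
    except ValueError:
        return None


AFFECTED_TUPLES = {normalize_version(v) for v in AFFECTED_RELEASES}


def classify(inst: Instance) -> str:
    """Conservative status: anything unverifiable is treated as unresolved."""
    ver = normalize_version(inst.version)
    if ver is None:
        return "unknown"
    if ver not in AFFECTED_TUPLES:
        return "not_listed"
    if inst.cpu_patch_applied is None:
        return "unknown"
    return "patched" if inst.cpu_patch_applied else "affected"


def score(inst: Instance) -> int:
    """Status dominates; internet reachability outweighs business criticality."""
    s = STATUS_WEIGHT[classify(inst)] * 10
    s += 5 if inst.internet_reachable else 0
    s += CRITICALITY_WEIGHT.get(inst.criticality, 0)
    return s


def worklist(instances: List[Instance]) -> List[Tuple[str, str, int]]:
    """Return (host, status, score) sorted most urgent first, ties by host name."""
    ranked = sorted(instances, key=lambda i: (-score(i), i.host))
    return [(i.host, classify(i), score(i)) for i in ranked]


# Constructed inventory for the demonstration.
INVENTORY = [
    Instance("www.example.com", "12.2.1.4.0", None, True, "high"),
    Instance("cms-intranet.example.com", "14.1.2.0.0", False, False, "medium"),
    Instance("cms-legacy.example.com", None, None, True, "low"),
    Instance("cms-dev.example.com", "14.1.2.0.0", True, False, "low"),
    Instance("cms-stage.example.com", "12.2.1.4.0", False, True, "medium"),
]


if __name__ == "__main__":
    for host, status, s in worklist(INVENTORY):
        print(f"{s:3d}  {status:10s}  {host}")
```

Note that the internet-facing production host with an unverified patch level does not outrank the internal instance that is confirmed unpatched: an internal attacker or a pivot from another compromised host has the same unauthenticated access, so "internal only" lowers urgency but does not remove the instance from the list.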
