PT-2026-49954 · Oracle · Oracle Webcenter Portal

Published

2026-06-16

Updated

2026-06-16

CVE-2026-46846

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0

Description An issue in the Security Framework component of Oracle WebCenter Portal allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can result in a full takeover of Oracle WebCenter Portal and may significantly impact additional products due to a scope change.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2026-46846

Affected Products

Oracle Webcenter Portal

PT-2026-49954 · Oracle · Oracle Webcenter Portal

CVE-2026-46846

Weakness Enumeration

Related Identifiers

Affected Products

References · 2