CVE-2026-46778
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
Vulnerability in Oracle WebCenter Enterprise Capture (component: Client Bundle) versions 12.2.1.4.0 and 14.1.2.0.0. An unauthenticated attacker with network access via RMI can easily exploit this flaw, leading to full system takeover. The attack may impact additional products (scope change), with a CVSS score of 10.0.
Risk Assessment
The risk to the organization is critical – complete loss of confidentiality, integrity, and availability of data, with potential for attack escalation to other systems.
Recommendation
Apply the Oracle patch immediately for versions 12.2.1.4.0 and 14.1.2.0.0. Restrict RMI access to trusted networks only.
Original NVD description (English source)
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

