NCSC-2026-0207 [1.00] [M/H] Vulnerabilities fixed in Oracle Fusion Middleware products
Oracle has fixed multiple vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence, Unified Directory, Virtual Directory, and Application Development Framework (ADF). The vulnerabilities affect various versions of Oracle Fusion Middleware products, where an attacker with network access via HTTP, HTTPS, LDAP, T3, IIOP, or RMI protocols, depending on the product and vulnerability, can perform unauthorized actions. These actions include full system compromise, remote code execution, unauthorized creation, modification, or deletion of critical data, and bypassing authentication. Some vulnerabilities require user interaction, while others can be exploited by unauthenticated attackers. The vulnerabilities impact the confidentiality, integrity, and availability of the affected systems. Specific components such as WebLogic Server Console, Identity Manager Connector, Access Manager Authentication Engine, and Coherence are also affected. The CVSS 3.1 base scores range from moderate (around 4.1) to critical (10.0), depending on the vulnerability and product. Exploitation can lead to complete takeover of systems and may impact other Oracle products that rely on the vulnerable components.
CSIRTS triage
- What
- Multiple vulnerabilities could allow unauthorized actions including full system compromise and remote code execution.
- Who is affected
- Users with network access to various Oracle Fusion Middleware products.
- Urgency
- Remediation is critical due to the severity and potential impact of the vulnerabilities.
- Action
- Users should apply the updates provided by Oracle.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Fusion Middleware
Get an email when a new Fusion Middleware advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0207
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-467880.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
- Low exploitation riskCVE-2026-467890.42% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 34% of all scored CVEs.
- Low exploitation riskCVE-2026-467900.34% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 26% of all scored CVEs.
- Low exploitation riskCVE-2026-467910.41% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 33% of all scored CVEs.
- Low exploitation riskCVE-2026-467920.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
- Low exploitation riskCVE-2026-467930.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
- Low exploitation riskCVE-2026-467940.43% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 35% of all scored CVEs.
- Low exploitation riskCVE-2026-467950.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-467960.35% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
- Low exploitation riskCVE-2026-467970.48% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
Referenced CVEs
+12 more CVEs referenced in this advisory.
Recent advisories for Oracle Fusion Middleware
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalexploitedCVE-2025-61757: Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerabilitycisa-kev · 2025-11-21
- criticalexploitedCVE-2020-2551: Oracle Fusion Middleware Unspecified Vulnerabilitycisa-kev · 2023-11-16
- criticalexploitedCVE-2021-35587: Oracle Fusion Middleware Unspecified Vulnerabilitycisa-kev · 2022-11-28
- criticalexploitedCVE-2012-1710: Oracle Fusion Middleware Unspecified Vulnerabilitycisa-kev · 2022-05-25
- criticalexploitedCVE-2012-0518: Oracle Fusion Middleware Unspecified Vulnerabilitycisa-kev · 2022-03-28
- criticalexploitedCVE-2012-3152: Oracle Fusion Middleware Unspecified Vulnerabilitycisa-kev · 2021-11-03
More from NCSC-NL Advisories
- unknownNCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access2026-07-10
- unknownNCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition2026-07-10
- unknownNCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks2026-07-07
- unknownNCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs2026-07-03
- unknownNCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server2026-07-03