CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-46845

criticalcovered by 1 sourcefirst seen 2026-06-17
Oracle has fixed multiple vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence, Unified Directory, Virtual Directory, and Application Development Framework (ADF). The vulnerabilities affect various versions of Oracle Fusion Middleware products, where an attacker with network access via HTTP, HTTPS, LDAP, T3, IIOP, or RMI protocols, depending on the product and vulnerability, can perform unauthorized actions. These actions include full system compromise, remote code execution, unauthorized creation, modification, or deletion of critical data, and bypassing authentication. Some vulnerabilities require user interaction, while others can be exploited by unauthenticated attackers. The vulnerabilities impact the confidentiality, integrity, and availability of the affected systems. Specific components such as WebLogic Server Console, Identity Manager Connector, Access Manager Authentication Engine, and Coherence are also affected. The CVSS 3.1 base scores range from moderate (around 4.1) to critical (10.0), depending on the vulnerability and product. Exploitation can lead to complete takeover of systems and may impact other Oracle products that rely on the vulnerable components.

CSIRTS triage

What
Multiple vulnerabilities could allow unauthorized actions including full system compromise and remote code execution.
Who is affected
Users with network access to various Oracle Fusion Middleware products.
Urgency
Remediation is critical due to the severity and potential impact of the vulnerabilities.
Action
Users should apply the updates provided by Oracle.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-46845

Get an email if CVE-2026-46845 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-46845

CVE.org record

Embed the live status

CVE-2026-46845 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-46845 status](https://www.csirts.com/badge/CVE-2026-46845)](https://www.csirts.com/cve/CVE-2026-46845)