{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Oracle heeft meerdere kwetsbaarheden verholpen in verschillende producten binnen de Oracle Fusion Middleware suite, waaronder WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence, Unified Directory, Virtual Directory en Application Development Framework (ADF).", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden betreffen diverse versies van Oracle Fusion Middleware producten, waarbij een aanvaller met netwerktoegang via HTTP, HTTPS, LDAP, T3, IIOP of RMI protocollen, afhankelijk van het product en de kwetsbaarheid, ongeautoriseerde acties kan uitvoeren. Deze acties omvatten onder andere volledige systeemcompromittering, remote code execution, ongeautoriseerde creatie, wijziging of verwijdering van kritieke data, en het omzeilen van authenticatie. Sommige kwetsbaarheden vereisen gebruikersinteractie, terwijl andere kunnen worden misbruikt door ongeauthenticeerde aanvallers. De kwetsbaarheden beïnvloeden de vertrouwelijkheid, integriteit en beschikbaarheid van de getroffen systemen. Specifieke componenten zoals WebLogic Server Console, Identity Manager Connector, Access Manager Authentication Engine, en Coherence zijn ook getroffen. De CVSS 3.1 basis scores variëren van matig (rond 4.1) tot kritisch (10.0), afhankelijk van de kwetsbaarheid en het product. Exploitatie kan leiden tot volledige overname van systemen en kan impact hebben op andere Oracle producten die afhankelijk zijn van de kwetsbare componenten.", "title": "Interpretaties" }, { "category": "description", "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in de verschillende Fusion Middleware producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Authorization", "title": "CWE-285" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference", "url": "https://www.oracle.com/security-alerts/cspujun2026.html" } ], "title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware producten", "tracking": { "current_release_date": "2026-06-17T09:28:34.062672Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.3" } }, "id": "NCSC-2026-0207", "initial_release_date": "2026-06-17T09:28:34.062672Z", "revision_history": [ { "date": "2026-06-17T09:28:34.062672Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "Identity Manager" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-2" } } ], "category": "product_name", "name": "Identity Manager Connector" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-3" } } ], "category": "product_name", "name": "Oracle Access Manager" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-4" } } ], "category": "product_name", "name": "Oracle Application Development Framework (ADF)" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-5" } } ], "category": "product_name", "name": "Oracle Coherence" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-6" } } ], "category": "product_name", "name": "Oracle Data Integrator" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-7" } } ], "category": "product_name", "name": "Oracle Unified Directory" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-8" } } ], "category": "product_name", "name": "Oracle Virtual Directory" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-9" } } ], "category": "product_name", "name": "Oracle WebCenter Content" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-10" } } ], "category": "product_name", "name": "Oracle WebCenter Enterprise Capture" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-11" } } ], "category": "product_name", "name": "Oracle WebCenter Portal" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-12" } } ], "category": "product_name", "name": "Oracle WebCenter Sites" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-13" } } ], "category": "product_name", "name": "WebCenter Content: Imaging" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-14" } } ], "category": "product_name", "name": "WebLogic Server" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-46788", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows a high-privileged attacker with network access and user interaction to potentially compromise system confidentiality, integrity, and availability, rated CVSS 8.4.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46788 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46788.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46788" }, { "cve": "CVE-2026-46789", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows unauthenticated remote attackers to potentially take over the system via HTTP, with a CVSS 3.1 base score of 9.6 and requiring user interaction.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46789 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46789.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46789" }, { "cve": "CVE-2026-46790", "notes": [ { "category": "description", "text": "A vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows unauthenticated attackers with HTTP network access to gain unauthorized read access to certain data, rated with a CVSS 3.1 base score of 5.3.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46790 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46790.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46790" }, { "cve": "CVE-2026-46791", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows unauthenticated attackers with HTTP network access to gain unauthorized access to sensitive data, rated with a CVSS 3.1 base score of 7.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46791 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46791.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46791" }, { "cve": "CVE-2026-46792", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware Identity Manager Connector (Generic Unix Connector) versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged attacker with HTTP network access to fully compromise the connector, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46792 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46792.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46792" }, { "cve": "CVE-2026-46793", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware Identity Manager Connector versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged attacker with HTTP network access to fully compromise the component, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46793 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46793.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46793" }, { "cve": "CVE-2026-46794", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware Identity Manager Connector versions 12.2.1.4.0 and 14.1.2.1.0 allows low-privileged attackers with SSH access to fully compromise the connector, with a CVSS 3.1 score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46794 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46794.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46794" }, { "cve": "CVE-2026-46795", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows unauthenticated remote attackers to manipulate critical data via HTTP, with a CVSS 3.1 base score of 9.3 and requiring third-party user interaction.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46795 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46795.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "baseScore": 9.3, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46795" }, { "cve": "CVE-2026-46796", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with network access and user interaction to potentially compromise system confidentiality, integrity, and availability, rated CVSS 8.0.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46796 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46796.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46796" }, { "cve": "CVE-2026-46797", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46797 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46797.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46797" }, { "cve": "CVE-2026-46798", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability with a CVSS 3.1 base score of 10.0 affects Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0, potentially compromising the entire system and related products.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46798 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46798.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46798" }, { "cve": "CVE-2026-46799", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46799 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46799.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46799" }, { "cve": "CVE-2026-46800", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability with a CVSS 3.1 base score of 10.0 affects Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0, potentially compromising the entire system and related products.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46800 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46800.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46800" }, { "cve": "CVE-2026-46801", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46801 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46801.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46801" }, { "cve": "CVE-2026-46802", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the portal, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46802 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46802.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46802" }, { "cve": "CVE-2026-46803", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability with a CVSS 3.1 score of 10.0 affects Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0, potentially compromising the system and related products.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46803 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46803.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46803" }, { "cve": "CVE-2026-46804", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows a low-privileged attacker with network access and user interaction to create, delete, or modify critical data, with a CVSS 3.1 score of 8.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46804 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46804.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.7, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46804" }, { "cve": "CVE-2026-46805", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows unauthenticated remote attackers to manipulate critical data via HTTP, with a CVSS 3.1 base score of 9.3 and requiring third-party user interaction.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46805 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46805.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "baseScore": 9.3, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46805" }, { "cve": "CVE-2026-46806", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows unauthenticated attackers with HTTPS network access to potentially gain unauthorized access and modify critical data, with a CVSS 3.1 base score of 8.2.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46806 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46806.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46806" }, { "cve": "CVE-2026-46807", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows unauthenticated remote attackers to fully compromise the system via T3 or IIOP protocols, with a CVSS 3.1 score of 9.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46807 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46807.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46807" }, { "cve": "CVE-2026-46808", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows a low-privileged attacker with network access and user interaction to create, delete, or modify critical data, with a CVSS 3.1 score of 8.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46808 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46808.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.7, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46808" }, { "cve": "CVE-2026-46809", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated attackers with HTTP network access to create, delete, or modify critical data, rated CVSS 3.1 base score 9.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46809 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46809.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46809" }, { "cve": "CVE-2026-46810", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Fusion Middleware Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows unauthenticated network attackers via IIOP to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46810 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46810.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46810" }, { "cve": "CVE-2026-46812", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Access Manager Authentication Engine (versions 12.2.1.4.0 and 14.1.2.1.0) allows unauthenticated attackers with HTTP network access to perform unauthorized data modifications and reads, with a CVSS 3.1 score of 6.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46812 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46812.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46812" }, { "cve": "CVE-2026-46813", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46813 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46813.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46813" }, { "cve": "CVE-2026-46814", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the portal, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46814 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46814.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46814" }, { "cve": "CVE-2026-46838", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTPS network access to fully compromise the portal, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46838 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46838.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46838" }, { "cve": "CVE-2026-46844", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTPS network access to fully compromise the portal, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46844 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46844.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46844" }, { "cve": "CVE-2026-46845", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated remote attackers to fully compromise the portal via HTTPS, with a CVSS 3.1 base score of 9.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46845 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46845.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46845" }, { "cve": "CVE-2026-46846", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability with a CVSS 3.1 score of 10.0 affects Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0, potentially compromising the system and related products.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46846 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46846.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46846" }, { "cve": "CVE-2026-46847", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTPS network access to fully compromise the portal, with a CVSS 3.1 base score of 9.9 indicating severe risks.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46847 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46847.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46847" }, { "cve": "CVE-2026-46848", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0 allows a low-privileged attacker with login access and human interaction to compromise the server, with a CVSS 3.1 base score of 7.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46848 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46848.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "baseScore": 7.9, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46848" }, { "cve": "CVE-2026-35258", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0 allows a low-privileged attacker with HTTPS network access to compromise the server, with a CVSS 3.1 base score of 8.7 and requiring third-party user interaction.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35258 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35258.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.7, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35258" }, { "cve": "CVE-2026-35259", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebLogic Server Console versions 14.1.2.0.0 and 15.1.1.0.0 allows unauthenticated remote attackers via HTTPS to potentially take over the server, with a CVSS score of 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35259 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35259.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35259" }, { "cve": "CVE-2026-35261", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Access Manager Authentication Engine versions 12.2.1.4.0 and 14.1.2.1.0 allows unauthenticated attackers with HTTP network access to gain unauthorized read and write access, rated CVSS 3.1 base score 6.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35261 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35261.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35261" }, { "cve": "CVE-2026-35262", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Data Integrator versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to gain unauthorized access, modify or delete critical data, and cause partial denial of service, rated CVSS 8.3.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35262 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35262.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "baseScore": 8.3, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35262" }, { "cve": "CVE-2026-35263", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the server, with a CVSS score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35263 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35263.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35263" }, { "cve": "CVE-2026-35265", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows low-privileged attackers with HTTP network access to fully compromise the system, rated CVSS 3.1 score 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35265 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35265.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35265" }, { "cve": "CVE-2026-35267", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, rated with a CVSS 3.1 base score of 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35267 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35267.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35267" }, { "cve": "CVE-2026-35268", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged network attacker to fully compromise the system, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35268 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35268.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35268" }, { "cve": "CVE-2026-35269", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows unauthenticated attackers with HTTP network access to modify or delete critical data, with a CVSS 3.1 base score of 7.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35269 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35269.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35269" }, { "cve": "CVE-2026-35270", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a highly privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 9.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35270 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35270.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35270" }, { "cve": "CVE-2026-35280", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 allows low-privileged network attackers via T3 or IIOP to fully compromise the product, with a CVSS 3.1 score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35280 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35280.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35280" }, { "cve": "CVE-2026-35281", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 allows low-privileged network attackers via T3 or IIOP to fully compromise the product, with a CVSS 3.1 score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35281 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35281.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35281" }, { "cve": "CVE-2026-35282", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 allows low-privileged network attackers via T3 or IIOP to fully compromise the product, with a CVSS 3.1 score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35282 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35282.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35282" }, { "cve": "CVE-2026-35283", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 allows low-privileged network attackers via T3 or IIOP to fully compromise the product, with a CVSS 3.1 score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35283 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35283.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35283" }, { "cve": "CVE-2026-35284", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 allows low-privileged network attackers via T3 or IIOP to fully compromise the product, with a CVSS 3.1 score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35284 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35284.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35284" }, { "cve": "CVE-2026-35285", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 allows low-privileged network attackers via T3 or IIOP to fully compromise the product, with a CVSS 3.1 score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35285 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35285.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35285" }, { "cve": "CVE-2026-35286", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35286 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35286.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35286" }, { "cve": "CVE-2026-35291", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Fusion Middleware WebLogic Server Console (versions 14.1.2.0.0 and 15.1.1.0.0) allows a highly privileged attacker with HTTP network access to potentially take over the server, with a CVSS 3.1 base score of 6.6.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35291 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35291.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.6, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35291" }, { "cve": "CVE-2026-35292", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0 has a CVSS 3.1 base score of 10.0, enabling full server compromise.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35292 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35292.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35292" }, { "cve": "CVE-2026-35293", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Sites 14.1.2.0.0 has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35293 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35293.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35293" }, { "cve": "CVE-2026-35294", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware Identity Manager Connector (versions 12.2.1.4.0 and 14.1.2.1.0) allows low-privileged attackers with HTTP network access to fully compromise the component, scoring 9.9 on CVSS 3.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35294 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35294.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35294" }, { "cve": "CVE-2026-35295", "notes": [ { "category": "description", "text": "A vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to potentially compromise system confidentiality, integrity, and availability, rated with a CVSS 3.1 base score of 7.5.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35295 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35295.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35295" }, { "cve": "CVE-2026-35296", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35296 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35296.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35296" }, { "cve": "CVE-2026-35298", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 allows a highly privileged attacker with HTTP network access to potentially take control of the server, with a CVSS 3.1 base score of 9.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35298 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35298.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35298" }, { "cve": "CVE-2026-35299", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 allows a low-privileged attacker with HTTP network access to potentially take control of the server, rated CVSS 3.1 base score 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35299 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35299.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35299" }, { "cve": "CVE-2026-35300", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 allows unauthenticated network attackers to fully compromise the server, with a CVSS 3.1 base score of 9.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35300 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35300.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35300" }, { "cve": "CVE-2026-35301", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability with a CVSS 3.1 score of 10.0 affects Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, potentially compromising the server and related products.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35301 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35301.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35301" }, { "cve": "CVE-2026-35302", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 enables unauthenticated network attackers to potentially take control of the server, impacting confidentiality, integrity, and availability with a CVSS 3.1 score of 8.3.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35302 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35302.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 8.3, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35302" }, { "cve": "CVE-2026-35303", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 allows a low-privileged attacker with HTTP network access to potentially take control of the server, rated CVSS 3.1 base score 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35303 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35303.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35303" }, { "cve": "CVE-2026-35304", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in multiple versions of Oracle Coherence, part of Oracle Fusion Middleware, has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35304 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35304.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35304" }, { "cve": "CVE-2026-35305", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Coherence 15.1.1.0.0 allows unauthenticated remote attackers to gain unauthorized access and modify data, with a CVSS 3.1 base score of 9.3, potentially impacting additional products.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35305 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35305.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "baseScore": 9.3, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35305" }, { "cve": "CVE-2026-35306", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Coherence 15.1.1.0.0 allows unauthenticated remote attackers to gain unauthorized access and modify data, with a CVSS 3.1 base score of 9.3, potentially impacting additional products.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35306 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35306.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "baseScore": 9.3, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35306" }, { "cve": "CVE-2026-35307", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in multiple versions of Oracle Coherence, part of Oracle Fusion Middleware, has a CVSS 3.1 base score of 10.0 and can lead to full system compromise.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35307 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35307.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35307" }, { "cve": "CVE-2026-35308", "notes": [ { "category": "description", "text": "A critical, unauthenticated remote code execution vulnerability in Oracle Coherence, part of Oracle Fusion Middleware, has a CVSS 3.1 base score of 10.0, allowing full system compromise and potentially affecting additional Oracle products.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35308 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35308.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35308" }, { "cve": "CVE-2026-35309", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in multiple versions of Oracle Coherence, part of Oracle Fusion Middleware, has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35309 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35309.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35309" }, { "cve": "CVE-2026-35310", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle Coherence, part of Oracle Fusion Middleware, affects multiple versions and has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35310 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35310.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35310" }, { "cve": "CVE-2026-35311", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the server, rated CVSS 3.1 base score 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35311 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35311.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35311" }, { "cve": "CVE-2026-35312", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Virtual Directory versions 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated attackers with network LDAP access to fully compromise affected systems, with a CVSS 3.1 base score of 9.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35312 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35312.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35312" }, { "cve": "CVE-2026-35313", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Access Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35313 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35313.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35313" }, { "cve": "CVE-2026-35314", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Access Manager's Web Server Plugin versions 12.2.1.4.0 and 14.1.2.1.0 allows unauthenticated attackers with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 7.3.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35314 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35314.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35314" }, { "cve": "CVE-2026-35315", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35315 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35315.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35315" }, { "cve": "CVE-2026-35316", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35316 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35316.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35316" }, { "cve": "CVE-2026-35317", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35317 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35317.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35317" }, { "cve": "CVE-2026-35318", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35318 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35318.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35318" }, { "cve": "CVE-2026-35319", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35319 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35319.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35319" }, { "cve": "CVE-2026-35320", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated remote attackers to potentially compromise system confidentiality, integrity, and availability, with a CVSS score of 9.0.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35320 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35320.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35320" }, { "cve": "CVE-2026-35321", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35321 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35321.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35321" }, { "cve": "CVE-2026-35322", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35322 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35322.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35322" }, { "cve": "CVE-2026-35323", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35323 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35323.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35323" }, { "cve": "CVE-2026-35324", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35324 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35324.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35324" }, { "cve": "CVE-2026-35325", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35325 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35325.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35325" }, { "cve": "CVE-2026-35326", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a highly privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 7.2.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35326 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35326.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35326" }, { "cve": "CVE-2026-35327", "notes": [ { "category": "description", "text": "A vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with network access via HTTPS to gain unauthorized access and modify critical data, with a CVSS 3.1 base score of 7.6.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-35327 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-35327.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "baseScore": 7.6, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-35327" }, { "cve": "CVE-2026-46765", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the portal, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46765 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46765.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46765" }, { "cve": "CVE-2026-46766", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46766 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46766.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46766" }, { "cve": "CVE-2026-46767", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the portal, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46767 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46767.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46767" }, { "cve": "CVE-2026-46769", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0 allows a highly privileged attacker with HTTP network access to potentially take control of the ADF, with a CVSS 3.1 base score of 7.2.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46769 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46769.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46769" }, { "cve": "CVE-2026-46770", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated attackers with HTTP network access to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46770 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46770.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46770" }, { "cve": "CVE-2026-46771", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0 allows a high-privileged attacker with infrastructure access to gain unauthorized access to critical ADF data, with a CVSS 3.1 base score of 4.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46771 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46771.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.1, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46771" }, { "cve": "CVE-2026-46772", "notes": [ { "category": "description", "text": "A vulnerability in Oracle Application Development Framework (ADF) versions 12.2.1.4.0 and 14.1.2.0.0 allows a high-privileged attacker with infrastructure access to gain unauthorized access or modify critical ADF data, with a CVSS 3.1 base score of 4.7.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46772 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46772.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N", "baseScore": 4.7, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46772" }, { "cve": "CVE-2026-46773", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Unified Directory versions 12.2.1.4.0 and 14.1.2.1.0 allows unauthenticated attackers with network LDAP access to fully compromise the system, with a CVSS 3.1 base score of 9.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46773 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46773.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46773" }, { "cve": "CVE-2026-46774", "notes": [ { "category": "description", "text": "A critical remote code execution vulnerability in Oracle Unified Directory versions 12.2.1.4.0 and 14.1.2.1.0 via RMI allows unauthenticated attackers to fully compromise system confidentiality, integrity, and availability with a CVSS 3.1 score of 9.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46774 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46774.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46774" }, { "cve": "CVE-2026-46776", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Unified Directory versions 12.2.1.4.0 and 14.1.2.1.0 allows unauthenticated attackers with network LDAP access to perform unauthorized data manipulation and partial denial of service, rated CVSS 3.1 base score 8.6.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46776 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46776.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "baseScore": 8.6, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46776" }, { "cve": "CVE-2026-46777", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated attackers network access via HTTP to create, delete, or modify critical data, with a CVSS 3.1 base score of 9.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46777 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46777.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46777" }, { "cve": "CVE-2026-46778", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 via RMI allows full system compromise with a CVSS 3.1 base score of 10.0.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46778 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46778.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46778" }, { "cve": "CVE-2026-46779", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with network access via T3 to fully compromise the product, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46779 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46779.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46779" }, { "cve": "CVE-2026-46780", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebCenter Content: Imaging (versions 12.2.1.4.0 and 14.1.2.0.0) allows low-privileged attackers network access via HTTP to fully compromise the system, with a CVSS 3.1 score of 8.8.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46780 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46780.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46780" }, { "cve": "CVE-2026-46781", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 via RMI allows full system compromise with a CVSS 3.1 base score of 10.0.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46781 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46781.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46781" }, { "cve": "CVE-2026-46782", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the system, with a CVSS 3.1 base score of 9.9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46782 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46782.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46782" }, { "cve": "CVE-2026-46783", "notes": [ { "category": "description", "text": "A critical unauthenticated remote code execution vulnerability in Oracle Fusion Middleware WebCenter Content: Imaging (versions 12.2.1.4.0 and 14.1.2.0.0) has a CVSS 3.1 base score of 9.8, severely impacting confidentiality, integrity, and availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46783 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46783.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46783" }, { "cve": "CVE-2026-46784", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle Fusion Middleware WebCenter Content: Imaging (versions 12.2.1.4.0 and 14.1.2.0.0) allows unauthenticated network attackers via HTTP to create, delete, or modify critical data, with a CVSS 3.1 base score of 9.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46784 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46784.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46784" }, { "cve": "CVE-2026-46785", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows unauthenticated remote attackers to manipulate critical data via HTTP, with a CVSS 3.1 base score of 9.3 and requiring third-party user interaction.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46785 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46785.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "baseScore": 9.3, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46785" }, { "cve": "CVE-2026-46786", "notes": [ { "category": "description", "text": "A critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows unauthenticated remote attackers to potentially take over the system via HTTP, with a CVSS 3.1 base score of 9.6 and requiring user interaction.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46786 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46786.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46786" }, { "cve": "CVE-2026-46787", "notes": [ { "category": "description", "text": "A vulnerability in Oracle WebCenter Content 14.1.2.0.0 allows unauthenticated attackers with HTTP network access to cause unauthorized creation, deletion, or modification of critical data, with a CVSS 3.1 base score of 8.0.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] }, "references": [ { "category": "self", "summary": "CVE-2026-46787 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-46787.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7", "CSAFPID-8", "CSAFPID-9", "CSAFPID-10", "CSAFPID-11", "CSAFPID-12", "CSAFPID-13", "CSAFPID-14" ] } ], "title": "CVE-2026-46787" } ] }