
Oracle WebCenter Content CVE-2026-35315

EUVD-2026-37441 · HIGH
Improper Access Control (CWE-284)
2026-06-16 oracle
8.8
CVSS 3.1 · Vendor: oracle

Severity by source

Vendor (oracle) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable HTTP endpoint (AV:N), Oracle states easily exploitable (AC:L), requires a low-privileged WebCenter account (PR:L), no user interaction, and full takeover yields C:H/I:H/A:H.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS Vector (Vendor: oracle)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis generated: Jun 16, 2026 - 21:41 (vuln.today)

Description (CVE.org)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Analysis (AI)

Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 (Content Server component) lets a low-privileged remote attacker fully compromise the platform over HTTP without user interaction. Oracle's own CVSS 3.1 score of 8.8 reflects high impact across confidentiality, integrity, and availability, and there is no public exploit identified at time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain low-privileged WebCenter account
Delivery: Reach Content Server HTTP endpoint
Exploit: Send crafted authenticated request
Execution: Trigger Content Server flaw
Persist: Escalate to full product takeover
Impact: Exfiltrate or tamper with managed documents

Vulnerability Assessment (AI)

Exploitation: Attacker must hold a low-privileged authenticated account on the target Oracle WebCenter Content instance (PR:L in the CVSS vector) and must be able to reach the Content Server HTTP interface over the network; no user interaction, no special victim-side configuration, and no elevated role is required, and Oracle classifies the flaw as 'easily exploitable.' Limiting factors: the requirement for a valid low-privileged credential rules out fully unauthenticated internet scanning attacks, and instances where the Content Server HTTP endpoint is firewalled to internal networks or fronted by an authenticating reverse proxy with strict user provisioning are correspondingly harder to reach. …

Risk Assessment: Signals are mixed but lean toward prioritized patching: the CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates a network-reachable, low-complexity flaw requiring only a low-privileged account and yielding full takeover, which is realistic for internet- or intranet-exposed WebCenter portals where any authenticated user role exists. …

Exploit Scenario: An attacker obtains or registers a low-privileged WebCenter Content account (for example, a contributor or self-service portal user) and sends a crafted HTTP request to a vulnerable Content Server endpoint reachable on the network. Without any user interaction the request triggers the flaw and yields full takeover of the WebCenter Content instance - read/write access to all managed documents and the ability to disrupt service - which on an internet-exposed deployment is realistically reachable from anywhere. …

Remediation: Apply the Oracle Critical Patch Update of June 2026 for Fusion Middleware, which is the patch available per the vendor advisory at https://www.oracle.com/security-alerts/cspujun2026.html - Oracle has not published a discrete fix-version string in the supplied data, so consult the CPU patch matrix for the exact bundle ID corresponding to your 12.2.1.4.0 or 14.1.2.0.0 deployment. …

Recommended Action (AI)

Within 24 hours: Identify all deployments of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 across production and non-production environments. …


