Skip to main content

Oracle WebCenter Content CVE-2026-35316

| EUVD-2026-37442 CRITICAL
Improper Access Control (CWE-284)
2026-06-16 oracle
Oracle Oracle Webcenter Content Authentication Bypass
9.9
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

HTTP-reachable Content Server (AV:N, AC:L), requires a low-privileged WebCenter account (PR:L), no user interaction, full takeover with documented cross-product scope change (S:C, C/I/A:H).

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 23:19 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

AnalysisAI

Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 (Content Server component) allows a low-privileged remote attacker to compromise the application over HTTP and pivot to other products via a scope change. The CVSS 3.1 base score is 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting easy exploitation with high confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed WebCenter Content endpoint
Delivery
Authenticate with low-privileged account
Exploit
Send crafted HTTP request to Content Server
Execution
Exploit flaw to take over WebCenter Content
Persist
Leverage scope change to pivot to integrated Fusion Middleware components
Impact
Exfiltrate or alter managed content
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Attacker must (1) reach the Oracle WebCenter Content Server over HTTP/HTTPS, and (2) hold a low-privileged authenticated account on the WebCenter Content instance (PR:L from the CVSS vector - typical contributor, self-service, or integration accounts qualify); no user interaction and no special non-default configuration are called out in Oracle's description. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H is severe: network-reachable HTTP, low complexity, no user interaction, a scope change, and full CIA impact justify the 9.9 score, and 'low privileged' is a realistic prerequisite in WebCenter Content because the platform routinely issues self-service or contributor accounts. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or registered any low-privileged WebCenter Content account sends crafted HTTP requests to the Content Server, abuses the flaw to escalate within the application, and takes full control of the WebCenter Content instance - then leverages the documented scope change to reach integrated Fusion Middleware components such as WebLogic-hosted services. Because UI:N and AC:L, the attack can be scripted against any exposed instance once the technique is known; no public exploit identified at time of analysis.
Remediation Apply the patches shipped in the Oracle Critical Patch Update of June 2026 referenced at https://www.oracle.com/security-alerts/cspujun2026.html for Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0; the input does not name an exact post-patch build, so refer to the CPU advisory for the precise bundle/patch number for your platform. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all WebCenter Content deployments running versions 12.2.1.4.0 or 14.1.2.0.0; review authentication logs for suspicious low-privileged account activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-35321 CRITICAL
9.9 Jun 16

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HT
CVE-2026-35323 CRITICAL
9.9 Jun 16

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacker sending HTTP req
CVE-2026-35286 CRITICAL
9.8 Jun 16

Remote takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated network attackers to fully

CVE-2026-35319 CRITICAL
9.8 Jun 16

Remote unauthenticated takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible via the Content Server
CVE-2026-46766 CRITICAL
9.8 Jun 16

Remote unauthenticated takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible via HTTP requests to t

Share

CVE-2026-35316 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy