
Oracle WebCenter Content CVE-2026-35319

EUVD-2026-37445 · CRITICAL
Improper Access Control (CWE-284)
2026-06-16 · Vendor: oracle
9.8 (CVSS 3.1)

Severity by source

Vendor (oracle), primary: 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
vuln.today AI: 9.8 CRITICAL

Oracle states unauthenticated network HTTP exploitation is easy and results in full product takeover, justifying AV:N/AC:L/PR:N/UI:N with C:H/I:H/A:H and unchanged scope.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS Vector (Vendor: oracle)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: Jun 16, 2026 - 23:17 (vuln.today)

Description (CVE.org)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Analysis (AI)

Remote unauthenticated takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible via the Content Server component over HTTP, scored CVSS 9.8 by Oracle. No public exploit identified at time of analysis, but the low attack complexity and lack of authentication requirement make this a high-priority patch target for any Oracle Fusion Middleware environment exposing WebCenter Content.


Attack Chain (AI derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify exposed WebCenter Content host
Delivery: Send crafted HTTP request to Content Server
Exploit: Trigger unauthenticated takeover flaw
Execution: Gain Content Server control
Impact: Exfiltrate managed documents and pivot

Vulnerability Assessment (AI)

Exploitation: No special conditions - remote unauthenticated exploitation over HTTP against default configurations of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 Content Server, per Oracle's explicit 'easily exploitable' characterization and the AV:N/AC:L/PR:N/UI:N vector. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H represents the worst practical combination: network-reachable, low-complexity, no auth, no user interaction, with full confidentiality, integrity, and availability impact - Oracle explicitly describes it as 'easily exploitable' resulting in 'takeover.' This CVE is not listed in CISA KEV, no public POC is referenced, and EPSS data was not provided, so real-world exploitation pressure is currently unknown despite the maximal CVSS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An external attacker scans for internet-exposed Oracle WebCenter Content instances on standard HTTP/HTTPS ports, sends a single crafted HTTP request to the vulnerable Content Server endpoint, and gains full control of the application - enabling theft of managed documents, modification of records, and use of the server as a pivot into the Fusion Middleware tier. No credentials, user interaction, or prior foothold are required, and given Oracle's 'easily exploitable' wording, mass scanning is plausible once a POC emerges even though none is publicly identified at time of analysis.

Remediation: Apply the Oracle Critical Patch Update for June 2026 as documented at https://www.oracle.com/security-alerts/cspujun2026.html, which is the patch available per vendor advisory for both 12.2.1.4.0 and 14.1.2.0.0 - Oracle CPU patches are cumulative, so install the full CPU bundle rather than only the WebCenter component fix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Audit all Oracle WebCenter Content deployments; restrict network access to Content Server endpoints via firewall rules, limiting connectivity to trusted internal networks only. …
