Oracle WebCenter Content CVE-2026-35320

EUVD-2026-37446 · CRITICAL
Improper Access Control (CWE-284)
2026-06-16 · oracle
CVSS 3.1 base score 9.0 · Vendor: oracle

Severity by source

Vendor (oracle), primary rating: 9.0 CRITICAL
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

vuln.today AI: 9.0 CRITICAL
Network HTTP reach with no auth or user interaction (AV:N/PR:N/UI:N), Oracle-stated difficult conditions (AC:H), scope change to adjacent Fusion Middleware (S:C), and stated full takeover (C:H/I:H/A:H).

CVSS 3.1 vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0 vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS Vector (Vendor: oracle)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: Jun 16, 2026 - 23:16 (vuln.today)

Description (CVE.org)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Analysis (AI)

Remote takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible through the Content Server component, allowing an unauthenticated network attacker to fully compromise the product, with cascading impact on other Oracle Fusion Middleware components due to the scope change. Oracle assigned a CVSS 3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), and no public exploit had been identified at the time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Recon: Identify exposed WebCenter Content HTTP endpoint
Delivery: Probe Content Server version and configuration
Exploit: Send crafted HTTP request meeting AC:H precondition
Install: Trigger takeover primitive in Content Server
C2: Execute attacker-controlled actions as Content Server
Execute: Pivot via scope change to adjacent Fusion Middleware
Impact: Exfiltrate documents and abuse trusted backend credentials

Vulnerability Assessment (AI)

Exploitation: No authentication and no user interaction are required (PR:N, UI:N), and the attack is delivered over the network via HTTP against the Oracle WebCenter Content Server component, but exploitation is gated by AC:H. Oracle classifies the attack as difficult, meaning the attacker must satisfy conditions outside their direct control, such as a specific server state, timing window, or non-default Content Server configuration, to land the takeover. …

Risk Assessment: This vulnerability mixes critical and mitigating signals that defenders must weigh carefully. …

Exploit Scenario: An attacker reaches the Content Server HTTP endpoint over the network without credentials and sends a crafted request sequence that triggers the high-complexity condition (likely state-dependent or requiring a race or a specific configuration), achieving full takeover of WebCenter Content and pivoting through its scope-changing trust relationships into adjacent Fusion Middleware components such as WebLogic or the backing identity store. No public exploit had been identified at the time of analysis, so this scenario assumes a skilled attacker who has reverse-engineered the June 2026 CPU patch.

Remediation: Apply the Oracle Critical Patch Update of June 2026 (cspujun2026), referenced at https://www.oracle.com/security-alerts/cspujun2026.html, to the affected 12.2.1.4.0 and 14.1.2.0.0 WebCenter Content deployments. Oracle CPU advisories bundle the exact patch numbers per platform, which should be applied through OPatch following the standard Fusion Middleware patching procedure. …

Recommended Action (AI)

Within 24 hours: Restrict network access to Oracle WebCenter Content instances running versions 12.2.1.4.0 or 14.1.2.0.0; deploy Web Application Firewall (WAF) rules targeting Content Server endpoints. …


CVE-2026-35320 vulnerability details – vuln.today
