
Oracle WebCenter Content CVE-2026-35323

EUVD-2026-37449 · CRITICAL
Improper Access Control (CWE-284)
2026-06-16 · oracle
9.9
CVSS 3.1 · Vendor: oracle

Severity by source

  • Vendor (oracle), PRIMARY: 9.9 CRITICAL, AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • vuln.today AI: 9.9 CRITICAL

Oracle describes easily exploitable HTTP access by a low-privileged user with no interaction, scope change to other Fusion Middleware products, and full takeover impact.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS Vector (Vendor: oracle)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline

1. Analysis Generated: Jun 16, 2026 - 23:15 (vuln.today)

Description (CVE.org)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Analysis (AI)

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacker sending HTTP requests to the Content Server component, with a scope change that can significantly impact additional products. Oracle rates this CVSS 9.9 and describes it as easily exploitable; no public exploit had been identified at the time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Identify exposed WebCenter Content HTTP endpoint
  • Delivery: Authenticate with low-privileged account
  • Exploit: Send crafted Content Server request
  • Execution: Trigger scope-changing flaw
  • Persist: Take over WebCenter Content instance
  • Impact: Pivot to integrated Fusion Middleware products

Vulnerability Assessment (AI)

Exploitation: The attacker must have network access to the Oracle WebCenter Content Server HTTP(S) interface and valid credentials for any low-privileged WebCenter Content account (CVSS PR:L), with no user interaction required (UI:N) and low attack complexity (AC:L) against the default configuration of supported versions 12.2.1.4.0 and 14.1.2.0.0. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS:3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H and the 9.9 base score are the strongest available signals: remote over HTTP, low complexity, only a low-privileged account required, no user interaction, scope change and full confidentiality/integrity/availability impact - Oracle itself labels it 'easily exploitable'. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker who has obtained or registered any low-privileged Oracle WebCenter Content account - for example via a self-service portal, a reused integration credential, or a phished employee - sends a crafted HTTP request to the Content Server endpoint and triggers the flaw without user interaction. Because the scope changes, the resulting code/data-access primitive lets them take over the WebCenter Content instance and pivot into integrated Fusion Middleware components (such as identity stores or downstream document consumers), exfiltrating sensitive content and planting backdoors. No public exploit had been identified at the time of analysis, so initial waves are likely to be targeted rather than mass-scanned.

Remediation: A patch is available per the vendor advisory: apply the Oracle Critical Patch Update for June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html) to Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 using the WebCenter Content patch set identified in the CPU matrix, following Oracle's documented Fusion Middleware patching procedure and restarting the Content Server managed servers. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Inventory all Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 instances in your environment; restrict HTTP access to the Content Server component to essential users only and disable external access where possible. …
