Oracle WebCenter Content CVE-2026-35324

EUVD-2026-37450 · HIGH
Improper Access Control (CWE-284)
2026-06-16 · oracle
CVSS 3.1: 8.8 · Vendor: oracle

Severity by source

Vendor (oracle), PRIMARY: 8.8 HIGH, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI: 8.8 HIGH

Oracle states that the vulnerability is easily exploitable over HTTP by a low-privileged attacker and results in product takeover, which justifies AV:N, AC:L, PR:L, UI:N, and C:H/I:H/A:H with no scope change.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS Vector (Vendor: oracle)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Jun 16, 2026 - 23:15 (vuln.today)

Description (CVE.org)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Analysis (AI)

Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 (Content Server component) allows a low-privileged authenticated attacker with HTTP network access to fully compromise the product, impacting confidentiality, integrity, and availability. Oracle rates this 8.8 (CVSS 3.1) and describes it as 'easily exploitable.' No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain low-privileged WebCenter account
Delivery: Reach Content Server HTTP endpoint
Exploit: Send crafted HTTP request
Execution: Exploit Content Server flaw
Persist: Escalate to administrative control
Impact: Exfiltrate or tamper with managed content

Vulnerability Assessment (AI)

Exploitation: Attacker must hold a valid low-privileged account on the target Oracle WebCenter Content instance (PR:L) and must be able to reach the Content Server HTTP interface over the network (AV:N) - no user interaction is required (UI:N) and attack complexity is low (AC:L). …

Risk Assessment: The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H plus Oracle's own 'easily exploitable' wording and 'takeover' impact statement make this a high-priority patch item for any organization running WebCenter Content, particularly where the Content Server is reachable from internal user networks or, worse, exposed to the internet. …

Exploit Scenario: An attacker who has obtained any low-privileged WebCenter Content account - for example through a phished employee credential, a stale contractor login, or a compromised federated SSO identity - sends crafted HTTP requests to the Content Server endpoint and abuses the flaw to escalate to full administrative control of the content repository, then exfiltrates sensitive documents, plants malicious content, or disrupts the service. No public exploit identified at time of analysis, so the scenario currently requires the attacker to develop their own technique against the patched/unpatched diff.

Remediation: Patch available per vendor advisory: apply the fixes shipped in the Oracle Critical Patch Update of June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html) for WebCenter Content 12.2.1.4.0 and 14.1.2.0.0; no exact post-patch build identifier was provided in the input, so cross-reference the CPU patch matrix to obtain the exact bundle for your release train. …

Recommended Action (AI)

24 hours: Identify all systems running Oracle WebCenter Content 12.2.1.4.0 or 14.1.2.0.0 and their business criticality. …