Skip to main content

Oracle WebCenter Content CVE-2026-35326

| EUVD-2026-37452 HIGH
Improper Access Control (CWE-284)
2026-06-16 oracle
Oracle Oracle Webcenter Content Authentication Bypass
7.2
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

HTTP-reachable Content Server function requiring an existing high-privileged account (PR:H), trivially scriptable once authenticated (AC:L, UI:N), yielding full system takeover (C:H/I:H/A:H).

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 23:14 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

AnalysisAI

Full takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible when a high-privileged attacker reaches the Content Server over HTTP, per Oracle's June 2026 Critical Patch Update. The flaw yields complete confidentiality, integrity, and availability compromise (CVSS 7.2) but requires existing elevated privileges, and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain Content Server admin credentials
Delivery
Reach HTTP interface on affected version
Exploit
Invoke vulnerable privileged function
Execution
Abuse Content Server internals
Impact
Full takeover of WebCenter Content
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already hold a high-privileged (administrative) account on the Oracle WebCenter Content Server, network reachability to its HTTP interface, and one of the affected Content Server versions (12.2.1.4.0 or 14.1.2.0.0) within Oracle Fusion Middleware; no end-user interaction is needed (UI:N) and attack complexity is low (AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H reflects easy network exploitation but only after obtaining high privileges, which materially constrains real-world exposure to insiders, compromised admin accounts, or chained attacks following an initial privilege escalation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already holds (or has compromised) a high-privileged Oracle WebCenter Content account - for example via phishing of an administrator, reuse of leaked SSO credentials, or chaining a prior privilege-escalation bug - reaches the Content Server over HTTP and invokes the vulnerable administrative function. Because AC:L and UI:N apply, the request can be scripted and requires no victim interaction, resulting in full takeover of the Content Server and its document repository. …
Remediation Apply the fixes bundled in the Oracle June 2026 Critical Patch Update (cpujun2026) for Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 per https://www.oracle.com/security-alerts/cspujun2026.html; patch available per vendor advisory, with no separately published standalone fix version called out beyond the CPU. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Audit all Oracle WebCenter Content deployments; disable HTTP access and enforce HTTPS-only communication for all affected systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-35316 CRITICAL
9.9 Jun 16

Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 (Content Server component) allows a low-privilege
CVE-2026-35321 CRITICAL
9.9 Jun 16

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HT
CVE-2026-35323 CRITICAL
9.9 Jun 16

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible by a low-privileged attacker sending HTTP req
CVE-2026-35286 CRITICAL
9.8 Jun 16

Remote takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 allows unauthenticated network attackers to fully

CVE-2026-35319 CRITICAL
9.8 Jun 16

Remote unauthenticated takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible via the Content Server

Share

CVE-2026-35326 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy