Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Oracle describes easy unauthenticated HTTP exploitation (AV:N/AC:L/PR:N/UI:N), full read/write of Content Server data (C:H/I:H), no availability impact stated (A:N), no scope change.
Primary rating from Vendor (oracle).
CVSS Vector (Vendor: oracle)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description (CVE.org)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Analysis (AI)
Unauthenticated remote compromise of Oracle WebCenter Content (Fusion Middleware Content Server) in versions 12.2.1.4.0 and 14.1.2.0.0 allows network-based attackers to read, create, modify, or delete any data accessible to the Content Server via HTTP. The flaw carries a CVSS 3.1 base score of 9.1 with high confidentiality and integrity impact, no authentication, and low attack complexity. …
Vulnerability Assessment (AI)
| Exploitation | Exploitation requires only network reachability to the Oracle WebCenter Content Server HTTP interface on a deployment running supported version 12.2.1.4.0 or 14.1.2.0.0; no authentication, no user interaction, and no special non-default configuration are called out by Oracle, consistent with PR:N/UI:N/AC:L. … |
| Risk Assessment | All signals point in the same direction: the CVSS vector AV:N/AC:L/PR:N/UI:N is the worst-case exposure profile (network, low complexity, no privileges, no user interaction), the scope is unchanged but C:H/I:H means full read and write over Content Server data, and Oracle itself describes it as 'easily exploitable'. … |
| Exploit Scenario | An attacker who can reach the Oracle WebCenter Content Server over HTTP sends a crafted request to a Content Server endpoint that the authentication layer fails to gate properly, and is treated as a privileged user. From that single request they can enumerate, exfiltrate, modify, or delete managed documents - for example pulling HR or contract records out of a corporate document repository, or tampering with regulated records to defeat integrity controls. … |
| Remediation | Apply the vendor patch by installing the Oracle Critical Patch Update of June 2026 for Oracle Fusion Middleware / WebCenter Content on both 12.2.1.4.0 and 14.1.2.0.0 deployments, as published at https://www.oracle.com/security-alerts/cspujun2026.html. Oracle's input does not enumerate a single exact post-patch build string, so confirm the specific bundle patch number from the CPU advisory matrix for your installed release. … |
Recommended Action (AI)
24 hours: Conduct immediate inventory of all Oracle WebCenter Content instances and confirm deployed versions (specifically 12.2.1.4.0 and 14.1.2.0.0). …
EUVD-2026-37295