
Oracle WebCenter Content EUVD-2026-37304

CVE-2026-46786 CRITICAL
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-06-16 oracle
9.6
CVSS 3.1 · Vendor: oracle

Severity by source

Vendor (oracle) PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
9.6 CRITICAL

Network-reachable HTTP endpoint with no attacker authentication (AV:N/PR:N) and low attack complexity (AC:L), but it requires interaction from a victim user (UI:R); a takeover that crosses into other Fusion Middleware products justifies S:C and C/I/A:H.

CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS Vector (Vendor: oracle)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1. Analysis Generated: Jun 16, 2026 - 23:04 (vuln.today)

Description (CVE.org)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Analysis (AI)

Account takeover in Oracle WebCenter Content 14.1.2.0.0 (Content Server component) allows a remote unauthenticated attacker to fully compromise the product when a victim user is tricked into interacting with attacker-supplied content over HTTP. The scope-changing flaw carries a CVSS 3.1 base score of 9.6 with high confidentiality, integrity, and availability impact, and there is no public exploit identified at time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Identify exposed WebCenter Content 14.1.2.0.0 instance
Delivery: Craft malicious link or content targeting Content Server
Exploit: Phish authenticated WebCenter user
Install: Victim interaction triggers flaw in browser session
C2: Actions execute with victim's WebCenter privileges
Execute: Pivot across scope boundary into adjacent Fusion Middleware
Impact: Full takeover of Content Server and connected assets

Vulnerability Assessment (AI)

Exploitation: Exploitation requires (1) network reachability to a vulnerable Oracle WebCenter Content 14.1.2.0.0 Content Server over HTTP/HTTPS, and (2) a human victim other than the attacker - typically an authenticated WebCenter user or administrator - to perform an interaction such as clicking a crafted link, loading attacker-supplied content, or visiting an attacker-controlled page while logged into Content Server (UI:R). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: Signals are mixed but lean toward elevated priority for any internet- or intranet-exposed WebCenter Content deployment: CVSS 3.1 is 9.6 (Critical) with low attack complexity, no privileges, network vector, and scope change driving the high score, but UI:R means the chain depends on tricking a human - typically a content author or administrator - into clicking or rendering attacker content. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker crafts a malicious URL or document referencing a Content Server endpoint and delivers it via phishing to a logged-in WebCenter administrator; when the administrator opens the link in an authenticated browser session, the flaw executes attacker-controlled actions in the victim's context, leading to full takeover of the WebCenter Content instance and, because of the scope change, impact on other Fusion Middleware resources reachable from that session. No public exploit was identified at the time of analysis, so the chain is currently theoretical, but the low attack complexity and the predictable structure of Content Server URLs make weaponization likely once details are published.

Remediation: Apply Oracle's June 2026 Critical Patch Update for Oracle WebCenter Content as documented at https://www.oracle.com/security-alerts/cspujun2026.html (patch available per vendor advisory; an exact post-patch build string is not provided in the input and should be taken from the Oracle CPU patch availability table for 14.1.2.0.0). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Inventory all systems running Oracle WebCenter Content 14.1.2.0.0 and assess exposure in production environments. …



EUVD-2026-37304 vulnerability details – vuln.today
