Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
HTTP-reachable Security Framework flaw exploitable by any low-privileged portal user with no UI, and Oracle confirms scope change with full CIA impact across adjacent Fusion Middleware products.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the Security Framework component and pivot into adjacent products via a scope change. The flaw carries a CVSS 3.1 base score of 9.9 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Oracle disclosed the issue in the June 2026 Critical Patch Update, but no CISA KEV listing or EPSS data was provided in the input.
Technical ContextAI
The vulnerability resides in the Security Framework component of Oracle WebCenter Portal, the enterprise portal layer built on Oracle Fusion Middleware that handles authentication, authorization, and identity propagation for portal applications and integrated services. CPE data (cpe:2.3:a:oracle_corporation:oracle_webcenter_portal) confirms the affected platform is the Oracle WebCenter Portal product family rather than other Fusion Middleware components. While the CWE is not specified in the input, the combination of low-privilege precondition, scope change (S:C), and full CIA impact is characteristic of broken authorization or privilege-escalation flaws in the security/identity layer that allow an authenticated user to escape their assigned role and act on behalf of, or across, other trust boundaries inside the Fusion Middleware stack.
RemediationAI
Apply the patches from the Oracle Critical Patch Update advisory at https://www.oracle.com/security-alerts/cspujun2026.html (June 2026 CPU) for Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0; exact post-patch build identifiers are not enumerated in the input and should be taken directly from the Oracle CPU patch matrix. Until patching, restrict HTTP access to the WebCenter Portal endpoints to trusted networks via a reverse proxy or WAF, tighten self-registration and federation policies so that low-privileged accounts cannot be obtained easily by external parties, and monitor portal authentication and security-framework audit logs for anomalous privilege use or cross-application requests - note that locking down self-registration will block legitimate onboarding flows, and proxy-level restrictions may break federated SSO partners, so coordinate with identity and business owners before enforcing.
More in Oracle Webcenter Portal
View allComplete takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by unauthenticated remote attackers
Unauthenticated remote takeover of Oracle WebCenter Portal versions 12.2.1.4.0 and 14.1.2.0.0 is possible over HTTP via
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 (Fusion Middleware, Runtime Tools component) allow
Account takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows an authenticated low-privileged attacker to
Account/portal takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker to
Takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTT
Privilege escalation to full takeover in Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authe
Privilege escalation and full takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privi
Remote unauthenticated takeover of Oracle WebCenter Portal 12.2.1.4.0 and 14.1.2.0.0 is possible via the Security Framew
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37320