Oracle WebCenter Content EUVD-2026-37330

CVE-2026-46813 · CRITICAL · CVSS 3.1: 9.8
Missing Authentication for Critical Function (CWE-306)
2026-06-16 · Vendor: oracle
Severity by source

Vendor (oracle), PRIMARY: 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
vuln.today AI: 9.8 CRITICAL

Oracle describes unauthenticated HTTP-reachable 'easy' exploitation leading to full Content Server takeover, justifying AV:N/AC:L/PR:N/UI:N and C:H/I:H/A:H with unchanged scope.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS Vector (Vendor: oracle)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline

Analysis Generated: Jun 16, 2026 - 22:51 (vuln.today)

Description (CVE.org)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Analysis (AI)

Unauthenticated remote takeover of Oracle WebCenter Content (Content Server component) is possible in supported versions 12.2.1.4.0 and 14.1.2.0.0 via a network-reachable HTTP attack path. The flaw carries a CVSS score of 9.8 with full confidentiality, integrity, and availability impact, and Oracle describes it as 'easily exploitable.' No public exploit was identified at the time of analysis, but the combination of unauthenticated network reach and full compromise warrants prioritized patching of any internet-exposed Content Server.

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Identify exposed WebCenter Content Server
  • Delivery: Send crafted HTTP request to Content Server endpoint
  • Exploit: Trigger unauthenticated vulnerability
  • Execution: Obtain Content Server takeover
  • Persist: Exfiltrate or tamper with managed content
  • Impact: Pivot into Fusion Middleware domain

Vulnerability Assessment (AI)

Exploitation: No special conditions - remote unauthenticated exploitation against default configurations of Oracle WebCenter Content (Content Server) 12.2.1.4.0 and 14.1.2.0.0 over HTTP, with no user interaction and no privileges required (CVSS AV:N/AC:L/PR:N/UI:N). …

Risk Assessment: All available signals point to high real-world risk: the CVSS vector is AV:N/AC:L/PR:N/UI:N with C:H/I:H/A:H, meaning network-reachable, low complexity, no privileges, no user interaction, and full compromise of confidentiality, integrity, and availability. …

Exploit Scenario: An attacker with only network reach to a WebCenter Content Server HTTP endpoint sends a crafted HTTP request that requires no authentication or user interaction and obtains full takeover of the Content Server, leading to disclosure of managed documents, modification or destruction of stored content, and use of the Content Server host as a foothold into the wider Fusion Middleware domain. The likely target profile is internet-exposed or extranet WebCenter portals used for document exchange with partners. …

Remediation: Apply the fixes delivered in Oracle's June 2026 Critical Patch Update for Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 as referenced at https://www.oracle.com/security-alerts/cspujun2026.html; exact bundle patch numbers are listed in the CPU matrix and should be selected per the running Fusion Middleware version. …

Recommended Action (AI)

**24 hours**: Conduct rapid inventory of all Oracle WebCenter Content deployments; immediately isolate or take offline any instances with internet or untrusted network access; declare incident response status. …