Oracle WebCenter Content EUVD-2026-37447

CVE-2026-35321 · CRITICAL
Improper Access Control (CWE-284)
2026-06-16 · oracle
CVSS 3.1: 9.9 · Vendor: oracle

Severity by source

Vendor (oracle), PRIMARY: 9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

vuln.today AI: 9.9 CRITICAL
The Content Server is reachable over HTTP (AV:N), Oracle describes the flaw as easily exploitable (AC:L), and exploitation requires a low-privileged account (PR:L) and no user interaction (UI:N). Full takeover with cross-product impact justifies S:C and C:H/I:H/A:H.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS Vector (Vendor: oracle)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Jun 16, 2026 - 23:16 (vuln.today)

Description (CVE.org)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Analysis (AI)

Takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is achievable by a low-privileged remote attacker over HTTP, with scope change enabling impact on adjacent products in the Fusion Middleware stack. The flaw carries a CVSS 3.1 base score of 9.9 and is described by Oracle as easily exploitable, though no public exploit was identified at the time of analysis. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain low-privileged WebCenter credentials
Delivery: Reach Content Server HTTP endpoint
Exploit: Send crafted authenticated request
Execution: Trigger scope-changing flaw
Persist: Take over WebCenter Content instance
Impact: Pivot to adjacent Fusion Middleware components

Vulnerability Assessment (AI)

Exploitation: An attacker must possess valid low-privileged credentials for the Oracle WebCenter Content Content Server (PR:L) and be able to reach its HTTP interface over the network (AV:N); no user interaction is required (UI:N) and attack complexity is low (AC:L). …

Risk Assessment: All available signals converge on high real-world risk: CVSS 3.1 is 9.9 with AV:N/AC:L/PR:L/UI:N/S:C and full High impact on confidentiality, integrity, and availability. The scope change indicates compromise can reach beyond WebCenter Content into other Fusion Middleware components or downstream systems. …

Exploit Scenario: An attacker who has obtained any low-privileged WebCenter Content user credential (through phishing, credential stuffing against an exposed login portal, or a compromised partner account) authenticates to the Content Server over HTTP and sends a crafted request that exploits the flaw to take over the WebCenter Content instance and pivot into adjacent Fusion Middleware components via the scope change. Because Oracle states the issue is 'easily exploitable', reverse engineering of the June 2026 CPU patch is likely to yield a working exploit shortly after release, even though no public exploit was identified at the time of analysis.

Remediation: Apply the patch available per vendor advisory by installing the June 2026 Oracle Critical Patch Update for WebCenter Content 12.2.1.4.0 and 14.1.2.0.0, as documented at https://www.oracle.com/security-alerts/cspujun2026.html; Oracle does not publish backported fixes outside the CPU cycle, so out-of-band patching is not an option. …

Recommended Action (AI)

Within 24 hours: Restrict network access to all WebCenter Content instances to internal/trusted IP ranges only and audit active user accounts with Content Server permissions. …
