Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a low-privileged attacker with network access to send HTTP requests that result in full compromise of the Oracle WebCenter Content server. Successful exploitation would give the attacker complete control over the server, compromising the confidentiality, integrity and availability of all managed content.

Affected Systems

Oracle WebCenter Content (the Content Server component of Oracle Fusion Middleware) is affected in versions 12.2.1.4.0 and 14.1.2.0.0.

Risk and Exploitability

The CVSS 3.1 base score of 8.8 indicates high severity, while the EPSS score of less than 1% reflects a low but non‑zero likelihood of real‑world exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is network access over HTTP and requires only low-privileged credentials, so compromise can be achieved without user interaction or elevated privileges.

Generated by OpenCVE AI on June 17, 2026 at 21:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑released patch or upgrade Oracle WebCenter Content to a release that addresses CVE‑2026‑35315
  • Restrict inbound HTTP traffic to the Content Server to trusted networks or use firewall rules or VPN controls to limit exposure
  • Disable or restrict any unused HTTP endpoints that are not required in production to reduce the attack surface

Generated by OpenCVE AI on June 17, 2026 at 21:08 UTC.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle webcenter Content |
| CPEs | | cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:\*:\*:\*:\*:\*:\*:\*; cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Oracle; Oracle webcenter Content |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:37:25.435Z

Reserved: 2026-04-01T20:03:40.837Z

Link: CVE-2026-35315

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T22:00:12Z

Weaknesses

No weakness.