Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Oracle WebCenter Content product (Content Server component) contains a vulnerability that allows an unauthenticated attacker to gain complete control over the application. An attacker who can reach the target over HTTP without authentication can exploit the flaw to take the system offline, modify data, or run arbitrary code, causing complete loss of confidentiality, integrity and availability. The CVSS 3.1 base score of 9.8 highlights the severe impact of this flaw.

Affected Systems

Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 are vulnerable. These versions are part of Oracle Fusion Middleware and are delivered by Oracle Corporation.

Risk and Exploitability

The vulnerability can be exploited over the network, and no authentication is required, making it easy to launch an attack. The EPSS score of less than 1% suggests low current exploitation rates, but the CVSS score and lack of KEV listing do not diminish its critical nature. An attacker who succeeds will effectively take over the entire WebCenter Content instance. The attack vector is inferred to be HTTP traffic to the web server, where the flaw manifests as an arbitrary code execution point.

Generated by OpenCVE AI on June 17, 2026 at 21:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch or update that addresses CVE-2026-35319
  • Restrict HTTP access to the Oracle WebCenter Content service from untrusted networks until the patch is applied
  • Monitor system logs for anomalous activity that may indicate exploitation attempts

Generated by OpenCVE AI on June 17, 2026 at 21:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle webcenter Content
CPEs cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Webcenter Content
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:36:54.005Z

Reserved: 2026-04-01T20:03:40.837Z

Link: CVE-2026-35319

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T22:45:03Z

Weaknesses

No weakness.