Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Oracle WebCenter Content’s Content Server allows a low-privileged attacker with network access via HTTP to compromise the application. Once exploited, the attacker can gain control over the WebCenter Content instance, jeopardizing confidentiality, integrity, and availability of the data it manages.

Affected Systems

The vulnerability affects Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0. Attackers can reach the flaw through the HTTP interface from any host that can contact the server.

Risk and Exploitability

With a CVSS 3.1 base score of 9.9, the flaw is classified as critical. The EPSS score of less than 1% indicates a low probability of exploitation in the wild at this time, and the flaw is not currently listed in CISA’s KEV catalog. Nevertheless, the attack vector requires only network access via HTTP, and the scope change in the vector suggests that exploitation could extend to other products that integrate with the Content Server.

Generated by OpenCVE AI on June 17, 2026 at 21:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle patch for WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 that addresses CVE-2026-35321.
  • If a patch is not yet available, upgrade to a newer, supported WebCenter Content release that includes the fix.
  • Limit inbound HTTP traffic to WebCenter Content to trusted networks and authenticated users, blocking traffic from untrusted sources.
  • Enforce strict authentication and authorization checks on all application endpoints, following CWE‑284 best practices.
  • Deploy a web application firewall or similar controls to detect and block malicious request patterns associated with this vulnerability.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle webcenter Content |
| CPEs | | cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:\*:\*:\*:\*:\*:\*:\*; cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Oracle; Oracle webcenter Content |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:36:33.897Z

Reserved: 2026-04-01T20:03:40.837Z

Link: CVE-2026-35321

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T22:00:12Z

Weaknesses

No weakness.