Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in Oracle WebCenter Content's Content Server component and enables a low‑privileged network attacker to exploit HTTP requests and fully compromise the application. The attack can lead to loss of confidentiality, integrity, and availability for all data and services managed by WebCenter Content. As described, the exploitation results in a complete takeover of the system.

Affected Systems

Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 are affected, as identified by the Oracle Fusion Middleware product line.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity risk, while the EPSS score of less than 1% suggests that zero‑day exploitation is infrequent. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote over HTTP, requiring only a low‑privileged account, and would enable full administrative control over WebCenter Content.

Generated by OpenCVE AI on June 17, 2026 at 20:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle WebCenter Content security patch for versions 12.2.1.4.0 and 14.1.2.0.0, as released in the Oracle Security Alert CSPUJUN2026.
  • Restrict HTTP access to WebCenter Content to trusted network zones and enforce strong authentication to prevent low‑privileged users from leveraging the vulnerability.
  • Monitor network traffic for unusual HTTP requests targeting WebCenter Content and implement a Web Application Firewall to block suspicious patterns.

Generated by OpenCVE AI on June 17, 2026 at 20:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle webcenter Content
CPEs cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Webcenter Content
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:35:53.061Z

Reserved: 2026-04-01T20:03:40.838Z

Link: CVE-2026-35325

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T22:45:03Z

Weaknesses

No weakness.