Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Content Server component of Oracle WebCenter Content allows a network-based attacker who already holds high privileges to fully compromise the application. The vulnerability is easily exploitable and can result in takeover of Oracle WebCenter Content, with high impact on confidentiality, integrity, and availability. The CVSS vector indicates that the attack requires remote network access, low attack complexity, high privileges, and no user interaction, making it a significant risk for affected systems.

Affected Systems

Oracle WebCenter Content, versions 12.2.1.4.0 and 14.1.2.0.0

Risk and Exploitability

The CVSS base score of 7.2 classifies the issue as high severity, yet the EPSS score is below 1%, suggesting a low likelihood of widespread exploitation at present. The vulnerability is not listed in CISA's KEV catalog. The attack vector inferred from the CVSS parameters is network access via HTTP, so systems exposing WebCenter Content to untrusted networks face the highest risk.

Generated by OpenCVE AI on June 17, 2026 at 20:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Oracle WebCenter Content to the latest patched release for versions 12.2.1.4.0 and 14.1.2.0.0.
  • Limit HTTP access to the application through firewall rules or VPNs, restricting it to known, trusted IP ranges.
  • Enable comprehensive logging and monitor access logs for anomalous activity, including repeated failed authentication attempts or unusual GET/POST requests.
  • If a patch is not immediately available, consider disabling or removing the Content Server component until the fix is deployed.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
First Time appeared | | Oracle; Oracle webcenter Content
CPEs | | cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*; cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle webcenter Content
References | |
Metrics | | cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:35:44.448Z

Reserved: 2026-04-01T20:03:40.838Z

Link: CVE-2026-35326

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T22:45:03Z

Weaknesses

No weakness.