HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-35285Published Modified CNA oracle

CVE-2026-35285: Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle)

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture. While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Metrics

CVSS v3.1
9.9
Severity
CRITICAL
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A critical remote code execution class vulnerability affects Oracle WebCenter Enterprise Capture (Client Bundle component), versions 12.2.1.4.0 and 14.1.2.0.0. An attacker with a low-privilege account and network access over the T3 or IIOP protocols can exploit this flaw without any victim interaction, and successful exploitation results in full takeover of the affected product, with scope change meaning adjacent systems can also be compromised. No fix version has been published yet; HarborGuard is tracking the advisory and will surface a patched-image rebuild the moment Oracle releases one.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: CVE-2026-35285 is ingested from upstream Oracle and NVD advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle affected WebCenter Enterprise Capture Client Bundle artifacts. Any image in a connected registry or CI pipeline carrying an affected version (12.2.1.4.0 or 14.1.2.0.0) is flagged automatically.

Available
Triage

HarborGuard scores this CVE at its published CVSS 3.1 base score of 9.9 (Critical), surfacing it at the top of the severity queue in each customer environment. Per-environment compliance policy weighting is applied before routing the finding to the appropriate team inbox, so the right owners see it without manual filtering.

Available
Patch

No upstream fix has been published by Oracle as of the CVE record date. HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle publishes a corrected version. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR against affected workloads will be triggered without manual intervention once a fix version exists.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the service over the network via the T3 or IIOP protocol, meaning the WebCenter Enterprise Capture endpoint must be accessible from the attacker's network position.

  • AuthenticationRequired

    Any low-privilege account is sufficient; no administrative or elevated credentials are required to trigger the vulnerability.

  • Victim interactionNot required

    Exploitation is fully attacker-driven and requires no action from any user of the affected system.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and requires no special race conditions, timing dependencies, or environmental prerequisites.

Blast Radius

  • A successful attacker gains full control of the Oracle WebCenter Enterprise Capture instance, including all documents, capture workflows, and stored credentials it holds.
  • All confidentiality, integrity, and availability of data within the product are lost: the attacker can read, modify, or permanently delete captured content and configuration.
  • Because the CVSS scope is changed, other products sharing the same middleware environment or trust boundary can be compromised as a secondary consequence of this single attack.
  • The attacker can crash or render the capture service unavailable, disrupting any downstream processes that depend on document ingestion.

How HarborGuard Handles This

Available on HarborGuard: this CVE is actively monitored with no fix version currently published by Oracle. On every advisory ingest cycle, HarborGuard re-checks for a patch release and will trigger a patched-image rebuild the moment Oracle publishes a corrected version. In the interim, customers are advised to apply network-policy isolation to restrict T3 and IIOP access to the WebCenter Enterprise Capture endpoints to known, authorized source IPs only, and to review egress filtering rules to limit lateral movement potential in the event of compromise. Where compliance policy permits, HarborGuard can apply a blocking policy that flags any pipeline promotion of images carrying the affected versions (12.2.1.4.0 or 14.1.2.0.0) until a clean rebuild is available. When Oracle ships a fix, auto-remediation-enabled environments will receive a rebuilt image, a regression-test run, and a PR opened against affected workloads automatically.

See how HarborGuard automates this
Affected packages
  • Oracle Corporation / Oracle WebCenter Enterprise Capture
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References