CVE-2026-35316: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Metrics
- CVSS v3.1: 9.9
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A critical remote code execution class vulnerability affects Oracle WebCenter Content (Content Server component) in versions 12.2.1.4.0 and 14.1.2.0.0. The flaw is reachable over the network via HTTP and requires only a low-privilege account, with no victim interaction needed; the CVSS scope-change indicator means exploitation can spill beyond the Content Server process itself. Successful exploitation gives an attacker full takeover of the affected instance, covering read access to all stored content, modification of data, and complete service disruption, with potential impact on adjacent systems in the same environment. No upstream fix has been published; HarborGuard is tracking the advisory and will make a patched-image rebuild available the moment Oracle ships a fix.
HarborGuard Coverage
Detection for CVE-2026-35316 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images derived from Oracle WebCenter Content base layers. Any image running an affected version (12.2.1.4.0 or 14.1.2.0.0) is flagged automatically in the registry scan and in CI pipeline checks. Status: Available.
HarborGuard surfaces this CVE with its CVSS 3.1 score of 9.9 (Critical) and applies per-environment compliance policy weighting to prioritize alerting. Triage tickets are routable to the appropriate team inbox within each customer organization based on image ownership and policy configuration. Status: Available.
Because no upstream fix version has been published, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle releases a remediated version. In the interim, customers can apply network-policy controls and compensating configurations through HarborGuard's policy enforcement tooling to reduce exposure while the advisory remains open. Status: Pending upstream.
Exploit Conditions
- Network reachability: Required
  The attacker must reach the Content Server over the network via HTTP; no local or physical access is required, making any internet- or intranet-exposed deployment in scope.
- Authentication: Required
  A low-privilege account is sufficient; any valid user credential grants the attacker the access level needed to trigger the vulnerability.
- Victim interaction: Not required
  No user action or social-engineering step is needed; the attacker can exploit the flaw directly without involving another person.
- Attack complexity: Low
  Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environment-specific preconditions.
Blast Radius
- Reads all content stored in the WebCenter Content repository, including documents, metadata, and credentials or tokens persisted by the application.
- Modifies or deletes managed content, configuration records, and persisted application state.
- Crashes or permanently disrupts the Content Server service, taking document management workflows offline.
- Due to scope change, compromise can extend to other products or services sharing the same host or network segment, giving the attacker a foothold beyond the initial target.
How HarborGuard Handles This
Available on HarborGuard: CVE-2026-35316 is tracked continuously with no upstream fix currently published, so HarborGuard re-checks the Oracle advisory on every ingest cycle. The moment Oracle releases a patched version, a rebuilt image becomes available; for customers with auto-remediation enabled, that rebuild triggers an automated regression run and a PR opened against affected workloads, with median time from CVE publication to merged patch PR around 90 minutes for Critical-severity issues once a fix is available. While the advisory remains open, recommended compensating controls include applying Kubernetes network policies to restrict HTTP access to Content Server pods to known, authorized sources only; enabling egress filtering to limit lateral movement in the event of compromise; and, where operationally feasible, gating access behind an authenticated reverse proxy to raise the effective privilege bar beyond the low-privilege threshold the vulnerability currently requires.
- Oracle Corporation / Oracle WebCenter Content: 12.2.1.4.0 · 14.1.2.0.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H