HIGH · CVE-2026-35317 · Published · Modified · CNA: oracle

CVE-2026-35317: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 8.8
  • Severity: HIGH
  • Fixed in:
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A high-severity vulnerability in Oracle WebCenter Content (Content Server component) allows a network-accessible attacker with any low-privilege account to fully compromise the system via HTTP. No physical access or victim interaction is required, and the exploit is reliable with no special conditions needed. Successful exploitation gives the attacker complete control over the affected Oracle WebCenter Content instance, including full read, write, and availability impact. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Oracle publishes a fix.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Oracle WebCenter Content at affected versions 12.2.1.4.0 or 14.1.2.0.0.

Triage: Available

HarborGuard is capable of scoring this finding at CVSS 8.8 (HIGH) and weighting it against each environment's compliance policy to determine urgency. Findings are routable to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Patch: Pending upstream

Because no fix version has been published by Oracle, HarborGuard re-checks the upstream advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be initiated without manual intervention once an upstream fix exists.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Content Server over the network via HTTP; there is no local-only or adjacent-network restriction.

  • Authentication: Required

    A low-privilege account is sufficient; no administrative or elevated credentials are needed, but unauthenticated access alone is not enough to trigger the vulnerability.

  • Victim interaction: Not required

    No user interaction is required; the attacker can exploit the vulnerability without involving any other party.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and imposes no special environmental conditions, race conditions, or configuration dependencies.

Blast Radius

  • A successful attacker can read all content managed by the Content Server, including stored documents, metadata, and any credentials or tokens the application holds.
  • The attacker can write to or modify any content, configuration, or persisted data within the Oracle WebCenter Content instance.
  • The attacker can crash or make the Content Server unavailable, disrupting any workflows or integrations that depend on it.
  • Full system takeover is the described outcome, meaning the attacker gains persistent control over the host process and its data without further escalation steps.

How HarborGuard Handles This

Available on HarborGuard: scanning for CVE-2026-35317 is active across connected environments, with detection matched against any image running Oracle WebCenter Content at versions 12.2.1.4.0 or 14.1.2.0.0. Because Oracle has not yet published a fix, HarborGuard monitors the upstream advisory on every ingest cycle and will trigger a patched-image rebuild automatically once a fix version is released; for customers with auto-remediation enabled, this includes a regression test run and a PR opened against affected workloads. In the interim, compensating controls worth evaluating include network-policy isolation to restrict HTTP access to the Content Server to only known, authorized clients; egress filtering to limit outbound connections from the container; and review of which accounts hold low-privilege credentials to the service, since any such account is sufficient to exploit this vulnerability. These controls do not eliminate the risk but reduce the exposed attack surface while the upstream patch is pending.
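The network-policy isolation and egress filtering mentioned above could look like the following Kubernetes NetworkPolicy. This is an added example, not HarborGuard or Oracle configuration; it assumes the Content Server runs as pods on a cluster whose CNI enforces NetworkPolicy, and every name, label, CIDR and port in it is a placeholder to replace with your own values.

```yaml
# Added example: all names, labels, CIDRs and ports are placeholder assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: wcc-content-server-isolation        # hypothetical policy name
  namespace: wcc                            # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: webcenter-content                # hypothetical label on Content Server pods
  policyTypes:                              # listing both makes everything not allowed below default-deny
    - Ingress
    - Egress
  ingress:
    # HTTP to the Content Server only from known, authorized clients.
    - from:
        - podSelector:
            matchLabels:
              role: wcc-authorized-client   # hypothetical label on permitted front-end pods
        - ipBlock:
            cidr: 10.20.30.0/24             # constructed admin subnet
      ports:
        - protocol: TCP
          port: 16200                       # assumed HTTP listener port; use your deployment's
  egress:
    # Outbound limited to the backing database ...
    - to:
        - podSelector:
            matchLabels:
              app: wcc-database             # hypothetical label on the database pods
      ports:
        - protocol: TCP
          port: 1521                        # assumed database listener port
    # ... and cluster DNS; all other outbound connections are dropped.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

A policy like this narrows who can reach the HTTP listener but does not change which accounts can authenticate, so the review of low-privilege accounts still has to be done separately.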

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H