CVE-2026-35318: Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites)
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Metrics
- CVSS v3.1: 8.8
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is a high-severity vulnerability in Oracle WebCenter Sites (versions 12.2.1.4.0 and 14.1.2.0.0), a component of Oracle Fusion Middleware. The flaw is reachable over the network via HTTP and requires only a low-privileged account to exploit, with no need for victim interaction. Successful exploitation results in full takeover of the Oracle WebCenter Sites instance, giving an attacker control over its confidentiality, integrity, and availability. No fix version has been published yet; HarborGuard is tracking the advisory and will flag a patched rebuild the moment Oracle ships a remediated release.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from Oracle and upstream vulnerability feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Oracle WebCenter Sites. Any image running an affected version (12.2.1.4.0 or 14.1.2.0.0) is flagged automatically.
HarborGuard is capable of scoring this finding at CVSS 8.8 HIGH and weighting it against each customer organization's compliance policy to determine urgency and routing. Findings are surfaced to the appropriate team inbox based on per-environment policy configuration, so the right engineers see the alert without manual triage.
Because no upstream fix version has been published, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle releases a remediated version. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered without manual intervention once the fix is available. (Status: pending upstream.)
Exploit Conditions
- Network reachability: Required
  The attacker must reach the Oracle WebCenter Sites service over the network via HTTP; no local or physical access is needed.
- Authentication: Required
  The attacker must hold a valid low-privilege account on the system; anonymous access alone is not sufficient.
- Victim interaction: Not required
  No user action is required; the attacker can carry out the exploit entirely without involving another person.
- Attack complexity: Low
  Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.
Blast Radius
- A successful attacker reads all data stored in the Oracle WebCenter Sites instance, including content, configuration, and any credentials or session material held by the application.
- A successful attacker modifies or deletes persisted content, site configuration, and user data within Oracle WebCenter Sites.
- A successful attacker crashes or renders the Oracle WebCenter Sites service unavailable, disrupting content delivery for any sites it serves.
- Because the CVE description characterizes the outcome as full takeover, an attacker gains persistent control over the application process and its underlying resources.
How HarborGuard Handles This
Available on HarborGuard: any image bundling Oracle WebCenter Sites 12.2.1.4.0 or 14.1.2.0.0 is detectable today via automated registry and pipeline scanning, with findings scored at CVSS 8.8 HIGH and routed to the appropriate team based on each organization's compliance policy. Because Oracle has not yet published a fix, a patched rebuild cannot be generated at this time. HarborGuard monitors the Oracle advisory on every ingest cycle; the moment a remediated release is published, a rebuild becomes available and, for customers with auto-remediation enabled, the full flow (rebuild, regression run, PR against affected workloads) triggers automatically. In the interim, recommended compensating controls include restricting HTTP access to the WebCenter Sites endpoint via network policy to known internal IP ranges, applying egress filtering to limit lateral movement if the service is compromised, and auditing all low-privilege accounts with access to the application to reduce the attacker's foothold opportunities.
- Oracle Corporation / Oracle WebCenter Sites: 12.2.1.4.0 · 14.1.2.0.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H