CRITICAL · CVE-2026-35319 · CNA: oracle

CVE-2026-35319: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 9.8
  • Severity: CRITICAL
  • Fixed in: (no version listed)
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A critical unauthenticated remote code execution vulnerability affects Oracle WebCenter Content (Content Server component) in versions 12.2.1.4.0 and 14.1.2.0.0. The flaw is reachable over HTTP without any credentials or user interaction, making it trivially exploitable by any attacker with network access to the service. Successful exploitation results in full takeover of the Oracle WebCenter Content instance, giving the attacker control over confidentiality, integrity, and availability. No fix versions have been published by Oracle; HarborGuard is tracking the advisory and will surface a patched-image rebuild the moment upstream ships a fix.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: CVE-2026-35319 is matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle Oracle WebCenter Content. Any image running an affected version (12.2.1.4.0 or 14.1.2.0.0) is flagged automatically as part of the continuous pipeline scan.

Status: Available

Triage

Triage is available with a CVSS 3.1 score of 9.8 (Critical), surfaced alongside each customer org's compliance policy weighting to determine urgency tier. Findings are routed to the appropriate team inbox within the customer org based on image ownership and policy configuration.

Status: Available

Patch

Because no upstream fix versions have been published, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available immediately once Oracle releases a remediated version. In the meantime, customers can apply compensating controls such as network-policy isolation of the Content Server endpoint and egress filtering, configurable through HarborGuard's policy engine.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Oracle WebCenter Content service over the network via HTTP; there is no local-only or adjacent-network restriction.

  • Authentication: Not required

    No credentials of any kind are needed; the vulnerable endpoint is fully accessible to unauthenticated requests.

  • Victim interaction: Not required

    The attack is fully server-side and requires no action from any user or administrator of the target system.

  • Attack complexity: Detail

    Exploitation is reliable and condition-free, with no race conditions or special environmental factors required.

Blast Radius

  • A successful attacker gains full read access to all content managed by the Content Server, including documents, metadata, and stored credentials or session material.
  • The attacker can write, modify, or delete persisted content and configuration data within the Oracle WebCenter Content instance.
  • The attacker can crash or render the Content Server permanently unavailable, disrupting all workflows and integrations that depend on it.
  • Full system takeover means the attacker can use the compromised host as a foothold for lateral movement into adjacent systems in the same network segment.

How HarborGuard Handles This

Available on HarborGuard: CVE-2026-35319 is classified Critical (CVSS 9.8) with no upstream fix published as of the CVE publication date, so the remediation pipeline is in monitoring mode. HarborGuard re-checks the Oracle advisory on every ingest cycle; the moment Oracle publishes a patched version, a rebuilt image becomes available, and customers with auto-remediation enabled will automatically receive a rebuild, a regression-test run, and a pull request opened against affected workloads. Until a patch ships, HarborGuard surfaces this finding with a Critical urgency flag and recommends applying compensating controls: restrict network access to the Content Server port using Kubernetes NetworkPolicy or equivalent firewall rules, enable egress filtering to limit outbound reach from the container, and where the feature set permits, gate HTTP exposure behind an authenticated reverse proxy. These control suggestions are available in the HarborGuard advisory detail panel for each affected image.
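
The compensating controls recommended above, combined into one Kubernetes NetworkPolicy: ingress to the Content Server only from an authenticated reverse proxy, and egress limited to DNS and the backing database. This is an added example, not HarborGuard's or Oracle's configuration; the namespaces, labels, ports and database address are assumed placeholders.

```yaml
# Added example. All names, labels, ports and addresses are placeholders.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: wcc-content-server-isolate
  namespace: wcc                     # assumed namespace of the Content Server pods
spec:
  podSelector:
    matchLabels:
      app: webcenter-content         # assumed pod label
  policyTypes:                       # selecting both types makes each default-deny
    - Ingress
    - Egress
  ingress:
    # Only the authenticated reverse proxy may reach the Content Server over HTTP.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: edge-proxy   # assumed proxy namespace
          podSelector:
            matchLabels:
              app: auth-proxy        # assumed proxy pod label
      ports:
        - protocol: TCP
          port: 16200                # assumed; use the port your Content Server listens on
  egress:
    # Name resolution through cluster DNS.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Backing database only; every other outbound destination is dropped.
    - to:
        - ipBlock:
            cidr: 10.0.20.15/32      # placeholder database address
      ports:
        - protocol: TCP
          port: 1521                 # assumed database listener port
```

The policy takes effect only when the cluster's network plugin enforces NetworkPolicy. Because the namespaceSelector and podSelector sit in the same `from` entry, a peer must match both.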

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H