CRITICAL · CVE-2026-35320 · CNA: oracle

CVE-2026-35320: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 9.0
  • Severity: CRITICAL
  • Fixed in: none listed
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A critical unauthenticated remote vulnerability exists in the Content Server component of Oracle WebCenter Content (Fusion Middleware versions 12.2.1.4.0 and 14.1.2.0.0). An attacker with network access over HTTP and no credentials can exploit this flaw to take over the affected system, with high impact on confidentiality, integrity, and availability: reading data, writing data, and denying service. Oracle rates the flaw as difficult to exploit (attack complexity High). Because the CVSS vector includes a scope change, a successful attack can spill over and compromise other products beyond WebCenter Content itself. No fix version has been published yet; HarborGuard is tracking the advisory for patch availability.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: CVE-2026-35320 is ingested from upstream Oracle and NVD feeds within minutes of publication and matched against all customer images, including custom-built images that layer Oracle WebCenter Content. Any image running an affected version (12.2.1.4.0 or 14.1.2.0.0) is flagged automatically in the pipeline scan and registry sweep.

Status: Available

Triage

HarborGuard scores this CVE at 9.0 CRITICAL (CVSS v3.1) and can weight that score against each customer organization's compliance policy to prioritize it in their findings queue. Routing rules within each customer environment can direct the alert to the team responsible for Fusion Middleware workloads.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle ships a remediated release. In the interim, compensating controls such as network-policy isolation of WebCenter Content pods and egress filtering on the Content Server HTTP port are surfaced as recommended actions within the findings detail.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Content Server over the network via HTTP; there is no requirement for local or physical access, making any internet- or intranet-exposed deployment a viable target.

  • Authentication: Not required

    No credentials of any kind are needed; the vulnerability is exploitable by a completely unauthenticated attacker.

  • Victim interaction: Not required

    No user action or social engineering is required; the attacker operates entirely without victim participation.

  • Attack complexity: Detail

    Attack complexity is rated High, meaning the exploit is not condition-free and likely depends on specific timing, configuration, or environmental factors the attacker must engineer or observe before the attack succeeds.

Blast Radius

  • A successful attacker achieves full takeover of the Oracle WebCenter Content instance, reading all stored content, documents, and indexed metadata.
  • The attacker can write or delete persisted content records and modify system configuration, corrupting the integrity of the content repository.
  • The attacker can crash or render the Content Server unavailable, disrupting any workflows or applications that depend on it.
  • Because the CVSS scope is Changed, the attacker can pivot to compromise other Fusion Middleware components or co-hosted products beyond WebCenter Content itself.

How HarborGuard Handles This

Available on HarborGuard: images containing Oracle WebCenter Content 12.2.1.4.0 or 14.1.2.0.0 are automatically flagged as critically vulnerable the moment CVE-2026-35320 is ingested, with no manual rule authoring needed. Because Oracle has not yet published a fix version, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild and, for customers with auto-remediation enabled, open a PR against affected workloads as soon as an upstream fix is available. In the meantime, the findings detail for this CVE includes compensating-control guidance: restricting network policy to limit inbound HTTP access to the Content Server, applying egress filtering to prevent lateral movement in the event of compromise, and isolating WebCenter Content pods from other Fusion Middleware services to reduce the blast radius of the scope-change risk. Customers whose compliance policy flags CRITICAL findings for immediate escalation will see this CVE routed accordingly within their organization's configured inbox.

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H