HIGH · CVE-2026-35322 · CNA: oracle

CVE-2026-35322: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 8.8
  • Severity: HIGH
  • Fixed in: none published
  • Affected Products: 1


HarborGuard Analysis

Synopsis

This is a high-severity vulnerability in the Content Server component of Oracle WebCenter Content, part of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. The flaw is reachable over the network via HTTP and requires only a low-privileged account, with no victim interaction needed. Successful exploitation gives an attacker full control of the affected Oracle WebCenter Content instance, impacting confidentiality, integrity, and availability. No fix version has been published yet; HarborGuard is tracking the advisory and will make a patched-image rebuild available as soon as Oracle releases one.

HarborGuard Coverage

Detection

Detection capability for CVE-2026-35322 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images derived from Oracle WebCenter Content base layers. Any image in a customer registry or CI/CD pipeline that carries an affected version is flagged automatically.

Status: Available

Triage

Triage is available using the CVSS 3.1 base score of 8.8 (HIGH), weighted further by each customer org's compliance policy to prioritize and route alerts to the appropriate team inbox. Per-environment risk context, such as whether the affected image is deployed in a public-facing workload, is surfaced alongside the finding to help teams assess urgency quickly.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available the moment Oracle ships a corrected release. In the interim, compensating controls such as network-policy isolation and egress filtering can be applied; HarborGuard surfaces these recommendations alongside the open finding for customers who choose to act before a patch is available.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Content Server over the network via HTTP, making any internet- or intranet-exposed deployment directly in scope.

  • Authentication: Required

    A low-privileged account is sufficient; no administrative or elevated credentials are needed, making the barrier to entry low wherever user accounts are broadly provisioned.

  • Victim interaction: Not required

    No user interaction is required; the attacker can carry out the exploit entirely without involving another person.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race windows, or environmental dependencies.

Blast Radius

  • A successful attacker can read all content managed by the Content Server, including documents, metadata, and any stored credentials or tokens.
  • The attacker can modify, delete, or inject arbitrary content and configuration within the WebCenter Content instance.
  • The attacker can crash or render the Content Server unavailable, disrupting any business processes or integrations that depend on it.
  • Full system takeover is possible, meaning the attacker may pivot from the Content Server process to other systems reachable from the same host or network segment.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-35322 is active now, flagging any image built on Oracle WebCenter Content 12.2.1.4.0 or 14.1.2.0.0 across customer registries and pipelines. Because Oracle has not yet published a fix, HarborGuard will continue polling the advisory on every ingest cycle and will automatically make a patched-image rebuild available and trigger the rebuild-and-PR flow for customers with auto-remediation enabled the moment a corrected version is released. While waiting for an upstream patch, customers can apply compensating controls such as restricting network access to the Content Server via Kubernetes network policies, adding egress filtering to limit lateral movement, and auditing low-privileged account provisioning to reduce the pool of accounts an attacker could leverage. These recommendations are surfaced in the HarborGuard finding detail for this CVE so the relevant team can act without delay.
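The network-policy isolation and egress filtering described above could look like the following Kubernetes NetworkPolicy. This is an added example, not a HarborGuard or Oracle artifact; the namespaces, pod labels and port numbers are assumptions and must be replaced with the values of the actual deployment.

```yaml
# Added example: every name, label and port below is an assumption.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: wcc-content-server-isolate        # hypothetical policy name
  namespace: webcenter                    # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: wcc-content-server             # hypothetical Content Server pod label
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only the fronting reverse proxy may reach the HTTP listener.
    # Everything else in the cluster is denied once this policy selects the pod.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress   # hypothetical namespace
          podSelector:
            matchLabels:
              app: reverse-proxy                     # hypothetical label
      ports:
        - protocol: TCP
          port: 16200                     # assumed Content Server listen port
  egress:
    # Allow the backing database only (limits lateral movement after compromise).
    - to:
        - podSelector:
            matchLabels:
              app: wcc-database           # hypothetical database pod label
      ports:
        - protocol: TCP
          port: 1521                      # assumed database listener port
    # Allow cluster DNS so the database service name still resolves.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

The policy is only enforced when the cluster's CNI plugin implements NetworkPolicy. It narrows the network reachability condition but does not affect low-privileged accounts that can still authenticate through the permitted proxy, so the account audit remains a separate control.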

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H