HIGH · CVE-2026-35326 · CNA: oracle

CVE-2026-35326: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 7.2
  • Severity: HIGH
  • Fixed in: none published
  • Affected Products: 1

HarborGuard Analysis

Synopsis

A high-severity vulnerability in Oracle WebCenter Content (Content Server component) allows a remote, authenticated attacker with administrative privileges to fully compromise the affected system via HTTP. The vulnerability requires no victim interaction and carries low attack complexity, making exploitation straightforward once the attacker has admin-level credentials. Successful exploitation gives the attacker complete control over the Content Server instance, affecting confidentiality, integrity, and availability. No fix version has been published yet; HarborGuard is tracking the advisory and will make a patched-image rebuild available as soon as Oracle releases one.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream Oracle and NVD feeds within minutes of publication and matched against customer images, including custom-built images that layer Oracle WebCenter Content components. Any image running the affected versions (12.2.1.4.0 or 14.1.2.0.0) will surface in the findings dashboard automatically.

Status: Available

Triage

HarborGuard scores this CVE at CVSS 7.2 HIGH (v3.1) and applies per-environment compliance policy weighting to prioritize the finding appropriately within each customer organization. Routed findings are sent to the configured team inbox, allowing the right owners to act without manual triage overhead.

Status: Available

Patch

Because no upstream fix has been published, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available the moment Oracle releases a corrected version. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be triggered automatically at that point, with no manual intervention required.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Content Server over the network via HTTP, making any internet- or intranet-exposed instance a viable target.

  • Authentication: Required

    A high-privileged (admin-level) account is required; an attacker without existing administrative credentials cannot exploit this vulnerability directly.

  • Victim interaction: Not required

    No user action or social engineering is needed; the attacker operates entirely without victim participation.

  • Attack complexity: Detail

    Attack complexity is low, meaning exploitation is reliable and imposes no special conditions such as race conditions or memory-layout requirements.

Blast Radius

  • The attacker reads all content managed by the Content Server, including stored documents, metadata, and potentially credentials or session tokens held in the system.
  • The attacker modifies or deletes managed content and configuration data, enabling persistent tampering with document repositories.
  • The attacker crashes or destabilizes the Content Server process, taking the service offline for all users who depend on it.
  • Full system takeover is achievable, meaning the attacker can install persistent backdoors or pivot to other systems accessible from the Content Server host.

How HarborGuard Handles This

Available on HarborGuard: this CVE is actively monitored against all images in customer registries and CI pipelines. Because Oracle has not yet published a fix for the affected versions (12.2.1.4.0 and 14.1.2.0.0), HarborGuard re-evaluates the advisory on every ingest cycle. The moment Oracle publishes a patched release, a rebuilt image at the fix version becomes available; for customers with auto-remediation enabled, that triggers an automated rebuild, regression-test run, and PR opened against affected workloads. In the interim, compensating controls worth evaluating include tightening network policy to restrict HTTP access to the Content Server to only trusted administrative hosts, enforcing egress filtering to limit lateral movement from a compromised instance, and auditing which accounts hold high-privileged roles in the Content Server to reduce the number of credentials an attacker could leverage.

Affected packages
  • Oracle Corporation / Oracle WebCenter Content
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H