CVE-2026-35327: Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
Metrics
- CVSS v3.1: 7.6
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A cross-site scripting or similar client-side injection vulnerability affects Oracle WebCenter Content (Content Server component), versions 12.2.1.4.0 and 14.1.2.0.0. The vulnerability is reachable over HTTPS by any low-privileged authenticated user, but requires a victim to interact with attacker-controlled content, and its scope extends beyond the directly attacked product. Successful exploitation gives the attacker read access to all data accessible within Oracle WebCenter Content and limited write access (insert, update, delete) to some of that data. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Oracle publishes a fix.
HarborGuard Coverage
- Detection (Available): Detection is available across every HarborGuard environment: the CVE is ingested from Oracle and NVD feeds within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built images that layer Oracle WebCenter Content components.
- Triage (Available): Triage is available with a CVSS 3.1 score of 7.6 (HIGH), weighted against each customer environment's compliance policy to determine urgency; findings are routed to the appropriate team inbox within the customer org based on configured ownership rules.
- Remediation (Pending upstream): No fix version has been published for this CVE. HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment upstream publishes a corrected release; for customers with auto-remediation enabled, a regression run and a PR against affected workloads will follow without manual intervention.
Exploit Conditions
- Network reachability: Required
The attacker must reach the Oracle WebCenter Content service over a network connection via HTTPS; there is no local or physical access requirement.
- Authentication: Required
A low-privilege account is sufficient; the attacker must be authenticated but does not need administrative or elevated rights.
- Victim interaction: Required
A person other than the attacker must interact with attacker-controlled content (such as visiting a crafted URL or viewing a malicious payload), making social engineering a prerequisite.
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other unpredictable environmental factors.
Blast Radius
- The attacker reads all data accessible to the compromised Oracle WebCenter Content instance, including stored documents, metadata, and user records.
- The attacker performs unauthorized inserts, updates, or deletes against a subset of Oracle WebCenter Content data, allowing tampering with managed content or configuration records.
- Because the CVSS scope is marked as changed, impact can extend to other products or services that share session context, trust relationships, or data with Oracle WebCenter Content.
How HarborGuard Handles This
Available on HarborGuard: because Oracle has not yet published a fix for CVE-2026-35327, the platform monitors the upstream advisory on every ingest cycle and will trigger a patched-image rebuild automatically once a corrected release appears. For customers with auto-remediation enabled, that rebuild will be followed by a regression test run and a PR opened against affected workloads, with no manual steps required. In the interim, compensating controls worth evaluating include network-policy rules that restrict which internal services can reach the Content Server component, egress filtering to limit the blast radius of a scope-change exploit, and review of user privilege assignments to ensure the low-privilege account surface is as narrow as possible. Customers can also use HarborGuard's policy engine to flag any image containing the affected versions (12.2.1.4.0 or 14.1.2.0.0) as non-compliant in CI pipelines until a patch is available.
- Oracle Corporation / Oracle WebCenter Content: 12.2.1.4.0 · 14.1.2.0.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N