PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35295 Oracle Corporation CVE debrief

A high-severity vulnerability was discovered in Oracle WebCenter Sites, a product of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-35295, has a CVSS score of 7.5 and can be exploited by a low-privileged attacker with network access via HTTP, potentially leading to a takeover of Oracle WebCenter Sites. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.0.0 of Oracle WebCenter Sites. The vulnerability is difficult to exploit and requires low privileges and network access via HTTP. Successful exploitation can result in confidentiality, integrity, and availability impacts.

Vendor
Oracle Corporation
Product
Oracle WebCenter Sites
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Administrators and security teams responsible for Oracle WebCenter Sites installations should prioritize patching this vulnerability to prevent potential exploitation. This is a high-severity vulnerability with a CVSS score of 7.5, and successful exploitation can result in a takeover of Oracle WebCenter Sites.

Technical summary

The vulnerability is located in the WebCenter Sites component of Oracle WebCenter Sites and affects versions 12.2.1.4.0 and 14.1.2.0.0. It is a difficult-to-exploit vulnerability that requires low privileges and network access via HTTP. Successful exploitation can result in confidentiality, integrity, and availability impacts. The CVSS vector is (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Administrators should focus on patching due to high severity and potential takeover risk. Oracle WebCenter Sites installations should be assessed for exposure, and compensating controls reviewed while remediation is planned.

Defensive priority

High priority should be given to patching this vulnerability due to its high CVSS score and potential impact on Oracle WebCenter Sites installations.

Recommended defensive actions

  • Apply the patch provided by Oracle Corporation as soon as possible
  • Review and update access controls to limit network access to Oracle WebCenter Sites
  • Monitor Oracle WebCenter Sites installations for any suspicious activity
  • Consider implementing additional security measures to protect against potential exploitation
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-06-17T10:40:21.670Z and last modified on 2026-06-17T18:46:54.663Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle WebCenter Sites versions 12.2.1.4.0 and 14.1.2.0.0. The CVSS score is 7.5, indicating a high-severity vulnerability. The vulnerability is difficult to exploit and requires low privileges and network access via HTTP.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:21.670Z and has not been modified since then. The NVD entry is currently Analyzed.