PatchSiren cyber security CVE debrief
CVE-2026-35324 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in Oracle WebCenter Content, a product of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-35324, affects versions 12.2.1.4.0 and 14.1.2.0.0. It is an easily exploitable vulnerability that allows a low-privileged attacker with network access via HTTP to compromise Oracle WebCenter Content, potentially leading to a takeover of the system. The vulnerability has a CVSS 3.1 Base Score of 8.8, indicating a high severity level. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, showing that the vulnerability can be exploited over the network with low privileges, no user interaction, and has high impacts on confidentiality, integrity, and availability. Organizations should prioritize patching this vulnerability due to its high CVSS score and potential impact.
- Vendor
- Oracle Corporation
- Product
- Oracle WebCenter Content
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-19
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-19
Who should care
Organizations using Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability. The vulnerability's high CVSS score of 8.8 indicates a significant risk, with potential impacts on confidentiality, integrity, and availability. Security teams and administrators responsible for Oracle WebCenter Content deployments should take immediate action to mitigate this vulnerability.
Technical summary
The vulnerability is located in the Content Server component of Oracle WebCenter Content. It has a CVSS 3.1 Base Score of 8.8, indicating a high severity level. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, showing that the vulnerability can be exploited over the network with low privileges, no user interaction, and has high impacts on confidentiality, integrity, and availability. The vulnerability affects Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0.
Defensive priority
High
Recommended defensive actions
- Apply the patches provided by Oracle as soon as possible
- Restrict network access to Oracle WebCenter Content to trusted users only
- Monitor Oracle WebCenter Content for any suspicious activity
- Consider implementing additional security controls such as Web Application Firewalls (WAFs) to detect and prevent exploitation attempts
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T10:40:24.620Z and was last modified on 2026-06-19T06:17:04.047Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0. The CVSS score is 8.8, indicating a high severity level. The vulnerability can be exploited over the network with low privileges, no user interaction, and has high impacts on confidentiality, integrity, and availability.
Official resources
-
CVE-2026-35324 CVE record
CVE.org
-
CVE-2026-35324 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:24.620Z and has not been modified since then. The NVD entry is currently Analyzed.