CVE-2026-35320
CRITICAL
9.0
CVSS 3.1
Metadata
Severity & Metrics
9.0
CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Oracle Corporation | Oracle WebCenter Content | — | 12.2.1.4.0, 14.1.2.0.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| — | cna | Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. While the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.0 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
References (1)
- Oracle Advisory https://www.oracle.com/security-alerts/cspujun2026.html