This vulnerability affects Oracle WebCenter Content (component: Content Server) in versions 12.2.1.4.0 and 14.1.2.0.0. It is easily exploitable by a high privileged attacker with network access via HTTP, allowing compromise of the product and potentially impacting additional Oracle products. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) indicates network attack vector, low attack complexity, high privileges required, no user interaction, scope change, and high impact on confidentiality, integrity, and availability. Oracle's June 2026 Critical Security Patch Update includes patches addressing this vulnerability among 245 others. Oracle strongly recommends applying these patches without delay.

Successful exploitation can lead to complete takeover of Oracle WebCenter Content, affecting confidentiality, integrity, and availability of the system. The vulnerability also has scope to impact additional Oracle products beyond WebCenter Content. The CVSS score of 9.1 reflects critical severity with network-based exploitation possible by a high privileged attacker.

Oracle has released patches for this vulnerability as part of the June 2026 Critical Security Patch Update. Customers should apply these patches promptly to remediate the issue. Until patches are applied, risk can be reduced by blocking network protocols required for exploitation and removing unnecessary privileges from users. Oracle strongly recommends remaining on actively supported versions and applying security patches without delay. Patch status is confirmed by the vendor advisory at https://www.oracle.com/security-alerts/cspujun2026.html.