This vulnerability affects Oracle WebCenter Content, a component of Oracle Fusion Middleware, specifically versions 12.2.1.4.0 and 14.1.2.0.0. It is easily exploitable by an attacker with low privileges who has network access via HTTP, enabling compromise and potential takeover of the product. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. Oracle's June 2026 Critical Security Patch Update includes fixes for this vulnerability among 245 others. The vendor strongly recommends applying these patches without delay. Workarounds include blocking network protocols required for exploitation and removing unnecessary privileges from users, though these may disrupt normal operations.

Successful exploitation can lead to full compromise of Oracle WebCenter Content, impacting confidentiality, integrity, and availability of the system. This could allow attackers to take over the affected product, potentially leading to unauthorized data access, modification, or denial of service.

Oracle has released a Critical Security Patch Update in June 2026 that addresses this vulnerability. Customers should apply the provided security patches as soon as possible. Until patches are applied, risk may be reduced by blocking network protocols required for the attack and removing unnecessary privileges from users, but these measures may affect application functionality. Patch status is not explicitly stated in the advisory, but the presence of the vulnerability in the June 2026 Critical Security Patch Update strongly indicates an official fix is available. Customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for detailed patch availability and installation instructions.