This vulnerability affects Oracle WebCenter Content version 14.1.2.0.0 and allows an unauthenticated attacker with network access over HTTP to compromise the system, resulting in unauthorized access to critical or all accessible data. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates that the attack can be performed remotely with low complexity, no privileges, and no user interaction, impacting confidentiality but not integrity or availability. The vulnerability is publicly disclosed and included in Oracle's June 2026 Critical Security Patch Update advisory. Oracle strongly recommends applying the security patches provided in this update to remediate the issue. No explicit patch availability or remediation level is stated in the CVE data, but the vendor advisory confirms that patches are included in the June 2026 Critical Security Patch Update.

Successful exploitation of this vulnerability can lead to unauthorized access to critical data or complete access to all data accessible by Oracle WebCenter Content 14.1.2.0.0. The confidentiality of sensitive information is severely impacted, while integrity and availability are not affected according to the CVSS vector. This poses a significant risk to organizations using the affected version, potentially exposing sensitive content to attackers without requiring authentication.

Oracle's June 2026 Critical Security Patch Update includes security patches addressing this vulnerability. Customers are strongly advised to apply these patches as soon as possible to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking network protocols required for the attack or by removing unnecessary privileges from users, though these measures may impact application functionality. Oracle recommends remaining on actively supported versions and promptly applying security updates. Patch status is confirmed by the vendor advisory indicating patches are available in the June 2026 Critical Security Patch Update.