A critical vulnerability in Oracle WebCenter Content permits unauthorized remote takeover of the application by low-privileged attackers, posing a severe risk to organizational data integrity.

This is an easily exploitable vulnerability within the Content Server component. It allows a low-privileged authenticated attacker with network access to execute unauthorized actions, potentially leading to a full system compromise.

With a CVSS score of 9.9, this vulnerability represents a critical risk. Successful exploitation allows an attacker to bypass security controls, leading to total compromise of confidentiality, integrity, and availability. Furthermore, the "scope change" indicates that attackers could potentially pivot to impact other interconnected systems within the Oracle Fusion Middleware environment.

Immediate Action: Update Oracle WebCenter Content to the latest version provided by the vendor at https://www.oracle.com/security-alerts/cspujun2026.html.

Proactive Monitoring: Review application and network access logs for anomalous HTTP requests originating from low-privileged accounts that deviate from standard operational patterns.

Compensating Controls: Deploy a Web Application Firewall (WAF) with updated rulesets to inspect and block malicious payloads targeting the Content Server component.

Public Exploit Available: false

Given the critical CVSS score of 9.9 and the potential for full system takeover, this vulnerability must be treated as a priority. Administrators should apply the vendor-supplied patches immediately to mitigate the risk of unauthorized remote exploitation.