CVE-2026-35295 – Oracle WebCenter Sites

CVSS 7.5 IMPORTANT Critical or Zero Day – Immediate Deployment

“A public-facing content platform only needs one critical weakness to create a major business problem.”

Oracle WebCenter Sites has been updated to address eleven vulnerabilities spanning critical and high severity levels. CVE-2026-46798 and CVE-2026-46800 each have a CVSS score of 10.0, which is Critical severity. CVE-2026-35293, CVE-2026-35296, CVE-2026-46797, CVE-2026-46799, and CVE-2026-46801 each have a CVSS score of 9.8, which is Critical severity. CVE-2026-46809 has a CVSS score of 9.1, which is Critical severity.

The update also addresses several High severity vulnerabilities. CVE-2026-35318 has a CVSS score of 8.8, which is High severity. CVE-2026-46796 has a CVSS score of 8.0, which is High severity. CVE-2026-35295 has a CVSS score of 7.5, which is High severity. No verified exploitation information was provided for any of the vulnerabilities included in this update.

Key Details

Affected Product
Oracle Webcenter Sites
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-306
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.