Vulnerability in Oracle WebLogic Server Component of Oracle Fusion Middleware
CVE-2026-34292

7.2HIGH

Key Information:

Vendor: Oracle
Status: Oracle Weblogic Server
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34292?

A security vulnerability has been discovered in the Oracle WebLogic Server component of Oracle Fusion Middleware, specifically affecting versions 12.2.1.4.0 and 14.1.1.0.0. This flaw can be exploited by an attacker with high privileges and network access via HTTP, potentially leading to unauthorized control over the WebLogic Server. Successful exploitation compromises the server's confidentiality, integrity, and availability, posing significant risks to organizations relying on this critical infrastructure.

Affected Version(s)

Oracle WebLogic Server 12.2.1.4.0

Oracle WebLogic Server 14.1.1.0.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34292 Data

JSON