WebLogic Server Vulnerability in Oracle Fusion Middleware
CVE-2026-35258

8.7 HIGH

Key Information:

Vendor: Oracle
CVE Published: 16 June 2026

What is CVE-2026-35258?

A vulnerability exists in Oracle WebLogic Server that could allow an attacker with low privileges and network access via HTTPS to compromise the server. This vulnerability requires interaction from a user other than the attacker, which increases the complexity of exploitation. Successful exploitation could result in unauthorized actions such as creating, deleting, or modifying critical data accessible through WebLogic Server. Because the vulnerability resides in WebLogic Server, attackers may use it to impact additional Oracle products. Users of the affected versions, 14.1.2.0.0 and 15.1.1.0.0, should give it urgent attention.

Affected Version(s)

WebLogic Server 14.1.2.0.0

WebLogic Server 15.1.1.0.0

CVSS V3.1

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
