Unauthenticated Remote Code Execution in Oracle WebLogic Server Console
CVE-2026-35259

8.8 HIGH

Key Information:

Vendor: Oracle
CVE Published: 16 June 2026

What is CVE-2026-35259?

A significant security flaw exists in the Oracle WebLogic Server Console that unauthenticated attackers with network access via HTTPS can exploit. The vulnerability is particularly concerning because it enables unauthorized manipulation of the WebLogic Server, potentially allowing attackers to gain control over it. Exploitation requires interaction from an unsuspecting user, which increases the risk of successful attacks. The flaw affects specific versions of WebLogic Server, so users of the affected products should assess their exposure and remediate immediately.

Affected Version(s)

WebLogic Server 14.1.2.0.0

WebLogic Server 15.1.1.0.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
