Unauthenticated Remote Code Execution in Oracle WebLogic Server Console
CVE-2026-35259
8.8 HIGH
What is CVE-2026-35259?
The Oracle WebLogic Server Console contains a security flaw that an unauthenticated attacker with network access via HTTPS can exploit. Successful exploitation enables unauthorized manipulation of the WebLogic Server and can potentially give the attacker control over it. Exploitation requires interaction from an unsuspecting user, which increases the risk of successful attacks. The flaw affects the specific WebLogic Server versions listed below; users of the affected products should assess and remediate immediately.
Affected Version(s)
WebLogic Server 14.1.2.0.0
WebLogic Server 15.1.1.0.0