WebLogic Server Vulnerability in Oracle Fusion Middleware
CVE-2026-35263

9.9CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-35263?

A vulnerability exists in WebLogic Server within Oracle Fusion Middleware, affecting specific versions. This flaw allows low-privileged attackers with network access via HTTP to exploit the system. Exploitation can lead to a full takeover of the WebLogic Server, which poses significant risks to the integrity, confidentiality, and availability of not just the server but potentially other connected systems. Organizations using the affected versions should implement necessary security measures to mitigate these risks.

Affected Version(s)

WebLogic Server 14.1.2.0.0

WebLogic Server 15.1.1.0.0

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.