Vulnerability in Oracle Fusion Middleware's WebLogic Server Console
CVE-2026-35291

6.6 MEDIUM

Key Information:

Vendor: Oracle

CVE Published: 16 June 2026

What is CVE-2026-35291?

A security flaw exists in the Oracle Fusion Middleware WebLogic Server Console, allowing an attacker with high privileges and network access via HTTP to compromise the server. This vulnerability can lead to complete takeover of the WebLogic Server, posing significant risks to confidentiality, integrity, and availability of the system. Users of the affected versions (14.1.2.0.0 and 15.1.1.0.0) should take immediate action to mitigate potential threats.

Affected Version(s)

WebLogic Server 14.1.2.0.0

WebLogic Server 15.1.1.0.0

CVSS V3.1

Score: 6.6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
