Unauthenticated Access Vulnerability in Oracle WebLogic Server
CVE-2026-35292
10 CRITICAL
What is CVE-2026-35292?
A vulnerability in the WebLogic Server component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to compromise the server. The flaw affects versions 14.1.2.0.0 and 15.1.1.0.0 and can lead to significant security risks, including potential takeover of the WebLogic Server, impacting the confidentiality, integrity, and availability of the system. Because of its scope, the vulnerability poses a serious threat not only to WebLogic Server but also to interconnected systems.
Affected Version(s)
WebLogic Server 14.1.2.0.0
WebLogic Server 15.1.1.0.0