Unauthenticated Access Vulnerability in Oracle WebLogic Server
CVE-2026-35292

10 CRITICAL

Key Information:

Vendor: Oracle

CVE Published: 16 June 2026

What is CVE-2026-35292?

A vulnerability in the WebLogic Server component of Oracle Fusion Middleware allows unauthenticated attackers with network access via HTTP to compromise the server. The affected versions are 14.1.2.0.0 and 15.1.1.0.0. The flaw can lead to significant security risks, including the potential takeover of the WebLogic Server, impacting the confidentiality, integrity, and availability of the system. Given the scope of this vulnerability, it poses a serious threat not only to WebLogic Server but also to interconnected systems.

Affected Version(s)

WebLogic Server 14.1.2.0.0

WebLogic Server 15.1.1.0.0

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
