WebLogic Server Vulnerability in Oracle Fusion Middleware Products
CVE-2026-35298

9.1 CRITICAL

Key Information:

Vendor: Oracle
CVE Published: 16 June 2026

What is CVE-2026-35298?

A vulnerability exists in Oracle WebLogic Server, part of the Fusion Middleware suite, that allows an attacker with high privileges and network access via HTTP to potentially compromise the server. Exploitation allows unauthorized access to and manipulation of the server, and the impact could extend beyond WebLogic Server to integrated products. Supported versions that may be affected include 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0.

Affected Version(s)

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

WebLogic Server 14.1.2.0.0

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
