Remote Code Execution Vulnerability in Oracle WebLogic Server
CVE-2026-35300

9.8CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-35300?

A vulnerability in Oracle WebLogic Server's Core component allows unauthenticated remote attackers with TCP network access to gain control of the server. This flaw affects several versions, enabling potential complete server takeover. With trusted access, attackers can compromise confidentiality, integrity, and availability of the server's data and services. Organizations using the affected versions should prioritize mitigation efforts immediately.

Affected Version(s)

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

WebLogic Server 14.1.2.0.0

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.