Remote Code Execution Vulnerability in Oracle WebLogic Server
CVE-2026-35300
9.8CRITICAL
What is CVE-2026-35300?
A vulnerability in Oracle WebLogic Server's Core component allows unauthenticated remote attackers with TCP network access to gain control of the server. This flaw affects several versions, enabling potential complete server takeover. With trusted access, attackers can compromise confidentiality, integrity, and availability of the server's data and services. Organizations using the affected versions should prioritize mitigation efforts immediately.
Affected Version(s)
WebLogic Server 12.2.1.4.0
WebLogic Server 14.1.1.0.0
WebLogic Server 14.1.2.0.0