Vulnerability in Oracle WebLogic Server Console Affects Multiple Versions
CVE-2026-35302

8.3HIGH

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-35302?

A security flaw exists in the Oracle WebLogic Server's Console component that allows unauthenticated attackers to exploit the system remotely via HTTP. The exploitation of this vulnerability requires human interaction, posing a risk not only to WebLogic Server itself but also potentially impacting other connected systems. Successful exploitation can lead to unauthorized access and administrative control over the WebLogic Server environment, compromising the confidentiality, integrity, and availability of the server and its resources.

Affected Version(s)

WebLogic Server 12.2.1.4.0

WebLogic Server 14.1.1.0.0

References

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.