Vulnerability in Oracle Fusion Middleware WebLogic Server Console
CVE-2026-46848

7.9 HIGH

Key Information:

Vendor: Oracle

CVE Published: 16 June 2026

What is CVE-2026-46848?

An access control vulnerability exists in the Console component of Oracle Fusion Middleware's WebLogic Server. A low-privileged attacker with a logon to the infrastructure where WebLogic Server runs can exploit this flaw, potentially leading to unauthorized creation, deletion, or modification of critical data. Successful exploitation requires human interaction from a person other than the attacker, which raises the bar for a successful attack. Although the vulnerability is in WebLogic Server, its impact may extend to other products (scope change). Organizations running WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0 should apply updates immediately to mitigate the risk to their sensitive data.

Affected Version(s)

WebLogic Server 14.1.2.0.0

WebLogic Server 15.1.1.0.0

CVSS V3.1

Score: 7.9
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
