Vulnerability in Oracle Fusion Middleware WebLogic Server Console
CVE-2026-46848
What is CVE-2026-46848?
An access control vulnerability exists in the Console component of Oracle Fusion Middleware's WebLogic Server. Attackers with low privileges who log on to the affected infrastructure can exploit this flaw, potentially leading to unauthorized creation, deletion, or modification of critical data. Exploitation of this vulnerability requires human interaction from a person other than the attacker, thereby increasing the complexity of successful attacks. Despite being in the WebLogic Server, the impacts may extend to other products within its scope. Organizations utilizing WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0 should apply updates immediately to mitigate risks to their sensitive data.
Affected Version(s)
WebLogic Server 14.1.2.0.0
WebLogic Server 15.1.1.0.0