What is the CVSS score of CVE-2026-35258?

CVE-2026-35258 has a CVSS 3.1 base score of 8.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.4%.

Which versions of Oracle WebLogic Server are affected by CVE-2026-35258?

Oracle WebLogic Server versions 14.1 and 15.1 contain a high-severity vulnerability (CVSS 8.7) with no public exploit identified at time of analysis that could allow attackers to read, modify, or…

How to fix or mitigate CVE-2026-35258?

24 HOURS: Inventory all systems running WebLogic 14.1.2.0.0 or 15.1.1.0.0; restrict administrative console access to trusted internal networks only; enable detailed audit logging for all console activities; issue security awareness notice to administrators regarding social engineering threats. 7 DAYS: Deploy multi-factor authentication for all WebLogic administrative accounts; implement IP whitelist restrictions on console access; disable remote access to HTTP(S)-based console if operationally feasible. 30 DAYS: Establish vendor notification monitoring for patch release; develop and test upgrade pathway to patched WebLogic versions; conduct access control audit and administrator training.

Oracle WebLogic Server CVE-2026-35258

EUVD-2026-37392 HIGH

URL Redirection to Untrusted Site (Open Redirect) (CWE-601)

2026-06-16 oracle

Authentication Bypass Oracle Weblogic Server Open Redirect

8.7

CVSS 3.1 · Vendor: oracle

Severity by source

Vendor (oracle) PRIMARY

8.7 HIGH

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

vuln.today AI

8.7 HIGH

HTTPS-reachable Console (AV:N/AC:L), attacker needs a low-privileged account (PR:L), a second user must interact (UI:R), scope changes into other Fusion Middleware (S:C); data is read/modified but no availability impact.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Jun 16, 2026 - 21:15 vuln.today

DescriptionCVE.org

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all WebLogic Server accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).

AnalysisAI

Cross-scope data compromise in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 allows a low-privileged remote attacker over HTTPS to read, create, modify, or delete critical data through the administration Console, provided a separate user is induced to perform an action. The CVSS 3.1 base score of 8.7 reflects high confidentiality and integrity impact with scope change reaching beyond WebLogic itself, and no public exploit identified at time of analysis.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain low-privileged Console account

Delivery

Identify target admin user

Exploit

Craft malicious Console interaction payload

Execution

Lure admin to trigger action over HTTPS

Persist

Privileged operation executes in admin context

Impact

Read or modify critical data across Fusion Middleware scope

Access

Obtain low-privileged Console account

Delivery

Identify target admin user

Exploit

Craft malicious Console interaction payload

Execution

Lure admin to trigger action over HTTPS

Persist

Privileged operation executes in admin context

Impact

Read or modify critical data across Fusion Middleware scope

Vulnerability AssessmentAI

Exploitation	The attacker must hold a valid low-privileged account on the WebLogic Server administration Console (PR:L) of a 14.1.2.0.0 or 15.1.1.0.0 instance and must reach it over HTTPS (AV:N/AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 score of 8.7 is elevated primarily by the scope change (S:C), since a successful attack can pivot from WebLogic into other Oracle Fusion Middleware products that share trust with the Console. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with a low-privileged WebLogic Console account crafts a malicious link, page, or Console artifact and lures an administrator who is authenticated to the same Console into interacting with it over HTTPS. The interaction causes the administrator's browser to execute privileged Console operations that read or alter critical configuration and data, and because scope changes, the impact extends to other Oracle Fusion Middleware components trusting the WebLogic security realm. …
Remediation	Apply the Oracle Critical Patch Update from June 2026 referenced at https://www.oracle.com/security-alerts/cspujun2026.html, which is the patch available per vendor advisory for WebLogic Server 14.1.2.0.0 and 15.1.1.0.0; an exact patched build number is not stated in the input data and should be taken from the Oracle CPU patch matrix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 HOURS: Inventory all systems running WebLogic 14.1.2.0.0 or 15.1.1.0.0; restrict administrative console access to trusted internal networks only; enable detailed audit logging for all console activities; issue security awareness notice to administrators regarding social engineering threats. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-35292 CRITICAL Act Now

10.0 Jun 16

Unauthenticated remote takeover in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Console component) allows network a

CVE-2026-35301 CRITICAL Act Now

10.0 Jun 16

Remote takeover of Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 is possible via the Console component, allowing an u

CVE-2026-35263 CRITICAL Act Now

9.9 Jun 16

Remote takeover of Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Fusion Middleware, Core component) is achievable by

CVE-2026-35300 CRITICAL Act Now

9.8 Jun 16

Remote takeover of Oracle WebLogic Server (versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0) is possible by u

CVE-2026-35298 CRITICAL Act Now

9.1 Jun 16

Authenticated takeover of Oracle WebLogic Server (Fusion Middleware Core component) is possible by a high-privileged att

CVE-2026-35258 vulnerability details – vuln.today

Back