Skip to main content

Oracle WebLogic Server CVE-2026-35303

| EUVD-2026-37429 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-06-16 oracle
Oracle Weblogic Server Authentication Bypass
8.8
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Console is reachable over HTTP (AV:N), low complexity per vendor (AC:L), a low-privileged WebLogic account is required (PR:L), no user interaction, and the described outcome is full server takeover (C/I/A:H).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 21:35 vuln.today

DescriptionCVE.org

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

AnalysisAI

Authenticated remote takeover in Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 via the Console component allows a low-privileged attacker with HTTP network access to fully compromise the server. Oracle rates the flaw CVSS 8.8 with high impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed WebLogic Console
Delivery
Authenticate with low-privileged account
Exploit
Send crafted HTTP request to Console endpoint
Execution
Trigger takeover primitive in Console
Persist
Execute code as WebLogic process
Impact
Pivot into Fusion Middleware applications
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The attacker must (1) have network HTTP/HTTPS reach to the WebLogic administration Console (the /console application on the admin server port, typically 7001 or 7002) and (2) possess valid credentials for a low-privileged WebLogic role (PR:L per CVSS) - anonymous exploitation is not indicated. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a network-reachable, low-complexity, no-user-interaction path that requires only a low-privileged account and yields full server takeover - a high-priority profile, especially because WebLogic Console exposures have been repeatedly weaponized historically. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or been issued a low-privileged WebLogic account (for example, an operator or monitor role, or a credential harvested from another breach) reaches the Console over HTTP and submits a crafted request to the vulnerable Console endpoint. Because attack complexity is low and no user interaction is required, the request triggers code execution or privilege escalation in the Console process, resulting in full takeover of the WebLogic Server and any Fusion Middleware applications it hosts. …
Remediation Apply the patch available per vendor advisory in the Oracle Critical Patch Update Advisory for June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html), which contains the WebLogic Server patches for 12.2.1.4.0 and 14.1.1.0.0 - exact fix patch IDs are listed in the CPU matrix and should be applied during the next available maintenance window. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify and inventory all WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 instances; map business functions and dependencies for each. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-35292 CRITICAL
10.0 Jun 16

Unauthenticated remote takeover in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Console component) allows network a
CVE-2026-35301 CRITICAL
10.0 Jun 16

Remote takeover of Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 is possible via the Console component, allowing an u
CVE-2026-35263 CRITICAL
9.9 Jun 16

Remote takeover of Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Fusion Middleware, Core component) is achievable by
CVE-2026-35300 CRITICAL
9.8 Jun 16

Remote takeover of Oracle WebLogic Server (versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0) is possible by u
CVE-2026-35298 CRITICAL
9.1 Jun 16

Authenticated takeover of Oracle WebLogic Server (Fusion Middleware Core component) is possible by a high-privileged att

Share

CVE-2026-35303 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy