Skip to main content

Oracle Coherence CVE-2026-35305

| EUVDEUVD-2026-37431 CRITICAL
Improper Access Control (CWE-284)
2026-06-16 oracle
9.3
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
vuln.today AI
9.3 CRITICAL

Description confirms unauthenticated network HTTP exploitation (AV:N/AC:L/PR:N/UI:N), scope change into adjacent products (S:C), full read of accessible data (C:H), partial write (I:L), and no availability impact (A:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 21:36 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). The supported version that is affected is 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. While the vulnerability is in Oracle Coherence, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Coherence accessible data as well as unauthorized update, insert or delete access to some of Oracle Coherence accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N).

AnalysisAI

Unauthenticated remote compromise of Oracle Coherence 15.1.1.0.0 (Oracle Fusion Middleware) via HTTP allows attackers to read all accessible data and modify a subset, with a scope change that can impact adjacent products. CVSS 3.1 base score is 9.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N) and no public exploit is identified at time of analysis, though the low attack complexity and unauthenticated network reachability make this a high-priority Critical Patch Update item.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Coherence HTTP listener
Delivery
Send crafted unauthenticated HTTP request
Exploit
Trigger flaw in bundled third-party JAR
Execution
Bypass authentication into Coherence context
Persist
Cross scope boundary into adjacent Fusion Middleware component
Impact
Read cached/grid data and tamper with subset

Vulnerability AssessmentAI

Exploitation Exploitation requires only network reachability to an Oracle Coherence 15.1.1.0.0 HTTP interface (Coherence*Extend HTTP, REST management, or any service backed by the 'Centralized Third Party Jars' component) on a host running the affected version; no authentication, user interaction, or non-default configuration is required per the CVSS vector AV:N/AC:L/PR:N/UI:N. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N) is one of the strongest possible risk profiles short of full integrity/availability impact: remote, unauthenticated, low-complexity, no user interaction, and crossing a scope boundary, scoring 9.3. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker reaches an exposed Oracle Coherence HTTP endpoint over the network without credentials and sends a crafted HTTP request that exercises the vulnerable third-party JAR, bypassing authentication and reading sensitive cached data such as session state, configuration, or business records held in the grid. Because the vulnerability has scope change, the attacker may also pivot into adjacent Fusion Middleware components co-located with the Coherence JVM (e.g., a hosting WebLogic domain) to modify a limited set of records. …
Remediation Apply the patch shipped in Oracle's June 2026 Critical Patch Update (https://www.oracle.com/security-alerts/cspujun2026.html) for Oracle Coherence 15.1.1.0.0 - patch availability is confirmed via the Oracle CPU advisory, though no standalone fix version string is published outside of the CPU bundle, so install the CPU as the primary remediation. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all Oracle Coherence 15.1.1.0.0 instances; assess network exposure and document which are Internet-facing or accessible from untrusted networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-35305 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy