Skip to main content

Oracle WebLogic Server CVE-2026-35311

| EUVD-2026-37437 HIGH
Improper Access Control (CWE-284)
2026-06-16 oracle
Oracle Weblogic Server Authentication Bypass
8.8
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

HTTP-reachable with no user interaction and low complexity; Oracle states a low-privileged account is required (PR:L), and successful exploit yields full server takeover (C:H/I:H/A:H, scope unchanged).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 21:39 vuln.today

DescriptionCVE.org

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

AnalysisAI

Authenticated remote code execution in Oracle WebLogic Server 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP access to fully take over the server, per Oracle's June 2026 Critical Patch Update. The CVSS 3.1 base score of 8.8 reflects full confidentiality, integrity, and availability impact with low attack complexity. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged WebLogic credential
Delivery
Reach HTTP listener (7001/7002)
Exploit
Send crafted request to Core component
Execution
Trigger vulnerable handler in WebLogic JVM
Persist
Execute arbitrary code as WebLogic user
Impact
Deploy webshell and exfiltrate datasource secrets
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires network reachability to the WebLogic Server HTTP listener on Oracle WebLogic 12.2.1.4.0 or 14.1.2.0.0 and a low-privileged authenticated session against WebLogic (PR:L) - fully unauthenticated exploitation is not indicated by the CVSS vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This should be prioritized as a high-impact issue: CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates network-reachable, low-complexity exploitation requiring only a low-privileged account and no user interaction, with full CIA compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or registered a low-privileged WebLogic account (for example via a self-service portal, a leaked credential, or a compromised application user) sends a crafted HTTP request to a Core endpoint of an internet- or intranet-reachable WebLogic 12.2.1.4.0/14.1.2.0.0 instance. The request abuses the vulnerable Core handler to execute arbitrary code in the WebLogic JVM, yielding full server takeover that the attacker can use to deploy a webshell, exfiltrate datasource credentials, or pivot into the back-end database. …
Remediation Patch available per vendor advisory: apply the Oracle Critical Patch Update of June 2026 for WebLogic Server 12.2.1.4.0 and 14.1.2.0.0 as documented at https://www.oracle.com/security-alerts/cspujun2026.html; Oracle did not publish a discrete fixed build number in the provided data, so consult the CPU patch availability matrix for the exact OPatch bundle for your platform. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all systems running WebLogic 12.2.1.4.0 or 14.1.2.0.0; check Oracle security advisories for patch availability; assess network exposure of affected servers. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-35292 CRITICAL
10.0 Jun 16

Unauthenticated remote takeover in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Console component) allows network a
CVE-2026-35301 CRITICAL
10.0 Jun 16

Remote takeover of Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 is possible via the Console component, allowing an u
CVE-2026-35263 CRITICAL
9.9 Jun 16

Remote takeover of Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Fusion Middleware, Core component) is achievable by
CVE-2026-35300 CRITICAL
9.8 Jun 16

Remote takeover of Oracle WebLogic Server (versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0) is possible by u
CVE-2026-35298 CRITICAL
9.1 Jun 16

Authenticated takeover of Oracle WebLogic Server (Fusion Middleware Core component) is possible by a high-privileged att

Share

CVE-2026-35311 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy