Severity by source
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Local logon required (AV:L, PR:L), victim admin must interact in Console (UI:R), and impact crosses to other products with high C/I but no availability loss (S:C, A:N).
Primary rating from Vendor (oracle).
CVSS Vector (Vendor: oracle): CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Description (CVE.org)
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where WebLogic Server executes to compromise WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all WebLogic Server accessible data. CVSS 3.1 Base Score 7.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).
Analysis (AI)
Privilege escalation and data tampering in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Console component) allows a low-privileged local user to compromise confidentiality and integrity of all WebLogic-accessible data when a separate user is tricked into interacting with attacker-supplied content. The scope-changed nature means impact extends beyond WebLogic to additional products in the environment. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Attacker must already have a logon-capable, low-privileged account on the infrastructure where WebLogic Server executes (AV:L, PR:L), and exploitation only succeeds when a different, higher-privileged user interacts with the attacker-supplied trigger via the WebLogic Console (UI:R). … |
| Risk Assessment | The CVSS 3.1 base of 7.9 is driven by AV:L + PR:L + UI:R + S:C + C:H/I:H, reflecting an authenticated, victim-assisted local attack that nonetheless escapes its scope. … |
| Exploit Scenario | A low-privileged WebLogic user with logon to the management infrastructure crafts malicious Console content or a request that, when a higher-privileged administrator interacts with it in the Console UI, causes WebLogic to perform attacker-directed read/modify operations against data managed by integrated downstream components (scope change). The result is unauthorized disclosure and tampering of critical application data without needing to bypass authentication directly. … |
| Remediation | Apply the fixes delivered in the Oracle Critical Patch Update of June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html); exact patched build numbers are released as part of the CPU bundle for WebLogic 14.1.2.0.0 and 15.1.1.0.0 and should be pulled from the CPU patch matrix rather than guessed. … |
Recommended Action (AI)
24 hours: Identify all WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 instances; audit and restrict unnecessary local user accounts on hosting systems. …
External reference: EUVD-2026-37341