Skip to main content

Oracle WebLogic Server EUVD-2026-37393

| CVE-2026-35259 HIGH
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-06-16 oracle
Oracle Weblogic Server Open Redirect
8.8
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable Console over HTTPS with no attacker credentials but required victim interaction by an admin yields full triad takeover within the same security scope.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 21:15 vuln.today

DescriptionCVE.org

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

AnalysisAI

Full takeover of Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 is achievable by remote unauthenticated attackers via the Console component over HTTPS, provided a victim performs an action such as clicking a malicious link. The flaw carries a CVSS 3.1 base score of 8.8 with high impact across confidentiality, integrity, and availability, but exploitation hinges on user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed WebLogic Console
Delivery
Craft malicious HTTPS link or page
Exploit
Phish authenticated admin into interacting
Execution
Console processes forged request with admin context
Persist
Attacker performs administrative actions
Impact
Full WebLogic domain takeover
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target run Oracle WebLogic Server 14.1.2.0.0 or 15.1.1.0.0 with the Administration Console component enabled and reachable over HTTPS from the attacker's network position, and a separate person - almost certainly an authenticated Console administrator - must perform an interaction such as clicking a link or visiting an attacker-controlled page while their Console session is active. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) describes a network-reachable, low-complexity, unauthenticated path with high triad impact, but UI:R meaningfully limits exploitation to scenarios where a privileged user (typically a WebLogic administrator) is lured into interacting with attacker-controlled content. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a malicious page or sends a crafted HTTPS link to a WebLogic administrator who is currently authenticated to the Console; when the admin visits or interacts with the content, the browser issues a forged or malicious request to the Console that the server processes with the victim's privileges, resulting in arbitrary administrative actions and effective takeover of the WebLogic domain. Because no public exploit is referenced and Oracle has not released technical details, weaponization would require reverse-engineering the patch.
Remediation Apply the Oracle Critical Patch Update referenced in the June 2026 CPU advisory at https://www.oracle.com/security-alerts/cspujun2026.html (Patch available per vendor advisory; exact post-patch build identifiers should be taken from that bulletin and applied to both 14.1.2.0.0 and 15.1.1.0.0 deployments). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all Oracle WebLogic deployments and identify systems running versions 14.1.2.0.0 or 15.1.1.0.0; restrict Console network access to administrative IPs only and disable unnecessary Console exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-35292 CRITICAL
10.0 Jun 16

Unauthenticated remote takeover in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Console component) allows network a
CVE-2026-35301 CRITICAL
10.0 Jun 16

Remote takeover of Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 is possible via the Console component, allowing an u
CVE-2026-35263 CRITICAL
9.9 Jun 16

Remote takeover of Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 (Fusion Middleware, Core component) is achievable by
CVE-2026-35300 CRITICAL
9.8 Jun 16

Remote takeover of Oracle WebLogic Server (versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0) is possible by u
CVE-2026-35298 CRITICAL
9.1 Jun 16

Authenticated takeover of Oracle WebLogic Server (Fusion Middleware Core component) is possible by a high-privileged att

Share

EUVD-2026-37393 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy