
WebLogic Server EUVD-2026-37418

CVE-2026-35291 · MEDIUM
Improper Privilege Management (CWE-269)
Published: 2026-06-16 · Vendor: oracle
Score: 6.6 (CVSS 3.1)

Severity by source

Vendor (oracle), PRIMARY: 6.6 MEDIUM
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

vuln.today AI: 6.6 MEDIUM

Network vector confirmed via HTTP access; PR:H because exploitation requires high-privileged Console credentials; AC:H reflects unspecified but non-trivial exploit preconditions per Oracle description.

CVSS 3.1: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS Vector (Vendor: oracle)

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: Jun 17, 2026, 00:19 (vuln.today)

Description (CVE.org)

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

Analysis (AI)

Full server takeover is possible in Oracle WebLogic Server's Console component, affecting versions 14.1.2.0.0 and 15.1.1.0.0 via HTTP over a network. Exploitation requires a high-privileged attacker and high attack complexity, limiting the realistic threat surface to scenarios where administrative credentials are already compromised or an insider threat is present. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Obtain high-privileged WebLogic Console credentials
Delivery: Establish HTTP network access to Console endpoint
Exploit: Satisfy high-complexity exploit precondition in Console
Execution: Trigger vulnerability in Console component
Impact: Achieve full WebLogic Server takeover

Vulnerability Assessment (AI)

Exploitation: Exploitation requires three concurrent conditions: (1) the attacker must hold high-privileged credentials to the WebLogic Server Console (PR:H), ruling out unauthenticated or low-privileged exploitation; (2) the attacker must have network-layer HTTP access to the Console endpoint - if the Console is bound only to a management interface or protected by a network ACL, remote exploitation is prevented; and (3) high attack complexity (AC:H) must be satisfied, implying the attacker cannot exploit this reliably on demand but must meet specific environmental or timing conditions not further detailed in available data. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 base score of 6.6 is substantially pulled down from the maximum by two key metrics: AC:H (high attack complexity) and PR:H (high privileges required). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker who has obtained high-privileged WebLogic Console credentials - through credential stuffing, phishing of an admin, or lateral movement from a compromised internal host - connects to the Console over HTTP and exploits a high-complexity flaw, potentially involving a specific sequence of Console interactions or a timing-dependent condition. If the exploit conditions are satisfied, the attacker achieves code execution or equivalent control, resulting in full compromise of the WebLogic Server instance including hosted applications and data. …

Remediation: Apply the patches released in Oracle's Critical Patch Update for June 2026, available at https://www.oracle.com/security-alerts/cspujun2026.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.


