CVE-2026-35300

CVE-2026-35300 PUBLISHED

Assigner: oracle
Reserved: 01.04.2026 Published: 16.06.2026 Updated: 17.06.2026

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Oracle Corporation
Product	WebLogic Server
Versions	Version 12.2.1.4.0 is affected Version 14.1.1.0.0 is affected Version 14.1.2.0.0 is affected Version 15.1.1.0.0 is affected

Vendor

Oracle Corporation

Product

WebLogic Server

Versions

Version 12.2.1.4.0 is affected
Version 14.1.1.0.0 is affected
Version 14.1.2.0.0 is affected
Version 15.1.1.0.0 is affected

References

Problem Types