CVE-2026-35291 | THREATINT

Description

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

PUBLISHED Reserved 2026-04-01 | Published 2026-06-16 | Updated 2026-06-17 | Assigner oracle

MEDIUM: 6.6CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server.

Product status

14.1.2.0.0 (semver)

affected

15.1.1.0.0 (semver)

affected

References

www.oracle.com/security-alerts/cspujun2026.html (Oracle Advisory) vendor-advisory

cve.org (CVE-2026-35291)

nvd.nist.gov (CVE-2026-35291)

Download JSON