PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35300 Oracle Corporation CVE debrief

A critical vulnerability was identified in Oracle WebLogic Server, a product of Oracle Fusion Middleware, specifically in the Core component. The vulnerability affects versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 of WebLogic Server. This vulnerability is easily exploitable by unauthenticated attackers with network access via TCP, potentially leading to a complete takeover of the WebLogic Server. The CVSS 3.1 Base Score for this vulnerability is 9.8, indicating a high impact on confidentiality, integrity, and availability.

Vendor
Oracle Corporation
Product
WebLogic Server
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 should prioritize patching this vulnerability to prevent potential unauthorized access and control of their WebLogic Servers. This includes but is not limited to IT administrators, cybersecurity professionals, and risk management teams within these organizations.

Technical summary

The vulnerability, tracked as CVE-2026-35300, is found in the Core component of Oracle WebLogic Server. It has been assigned a CVSS 3.1 Base Score of 9.8, categorizing it as Critical. The vulnerability allows unauthenticated attackers with network access via TCP to compromise the WebLogic Server, potentially resulting in a complete takeover. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability.

Defensive priority

High

Recommended defensive actions

  • Apply the patches provided by Oracle Corporation as soon as possible.
  • Implement compensating controls such as network segmentation and access controls to limit exposure.
  • Monitor WebLogic Server instances for suspicious activity.
  • Perform regular inventory checks to ensure all instances of WebLogic Server are accounted for and patched.
  • Consider implementing additional security measures such as multi-factor authentication and enhanced logging.

Evidence notes

The CVE record was published on 2026-06-17T10:40:22.100Z and was last modified on 2026-06-18T15:44:34.210Z. The NVD entry is currently Analyzed. The vulnerability details were obtained from the official CVE record and the NVD database.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:22.100Z and has not been modified since then. The NVD entry is currently Analyzed.