PatchSiren cyber security CVE debrief
CVE-2026-35307 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle Coherence, a product of Oracle Fusion Middleware. The vulnerability affects versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. It allows unauthenticated attackers with network access via HTTP to compromise Oracle Coherence, potentially impacting additional products. Successful attacks can result in a takeover of Oracle Coherence.
- Vendor
- Oracle Corporation
- Product
- Oracle Coherence
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-19
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-19
Who should care
Organizations using Oracle Coherence versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 should prioritize patching this vulnerability. The CVSS score of 10.0 indicates a high severity level, and the potential for scope change means that attacks could impact additional products beyond Oracle Coherence.
Technical summary
The vulnerability in Oracle Coherence has a CVSS 3.1 Base Score of 10.0, indicating a critical severity level. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), showing that the vulnerability allows unauthenticated attackers with network access via HTTP to compromise the system, with high impacts on confidentiality, integrity, and availability. The vulnerability affects multiple versions of Oracle Coherence, including 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by Oracle Corporation for the affected Oracle Coherence versions.
- Implement compensating controls, such as network segmentation or access restrictions, to limit the attack surface.
- Monitor Oracle Coherence systems for suspicious activity and ensure that they are not exposed to untrusted networks.
- Review and update inventory to ensure accurate tracking of Oracle Coherence deployments.
- Consider implementing additional security measures, such as web application firewalls, to detect and prevent exploitation attempts.
Evidence notes
The CVE record was published on 2026-06-17T10:40:22.833Z and was last modified on 2026-06-19T06:17:02.640Z. The NVD entry is currently Analyzed. The vulnerability has a CVSS score of 10.0 and affects multiple versions of Oracle Coherence.
Official resources
-
CVE-2026-35307 CVE record
CVE.org
-
CVE-2026-35307 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:22.833Z and has not been modified since then. The NVD entry is currently Analyzed.