PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35307 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle Coherence, a product of Oracle Fusion Middleware. The vulnerability affects versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. It allows unauthenticated attackers with network access via HTTP to compromise Oracle Coherence, potentially impacting additional products. Successful attacks can result in a takeover of Oracle Coherence.

Vendor
Oracle Corporation
Product
Oracle Coherence
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-19
Advisory published
2026-06-17
Advisory updated
2026-06-19

Who should care

Organizations using Oracle Coherence versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 should prioritize patching this vulnerability. The CVSS score of 10.0 indicates a high severity level, and the potential for scope change means that attacks could impact additional products beyond Oracle Coherence.

Technical summary

The vulnerability in Oracle Coherence has a CVSS 3.1 Base Score of 10.0, indicating a critical severity level. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), showing that the vulnerability allows unauthenticated attackers with network access via HTTP to compromise the system, with high impacts on confidentiality, integrity, and availability. The vulnerability affects multiple versions of Oracle Coherence, including 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by Oracle Corporation for the affected Oracle Coherence versions.
  • Implement compensating controls, such as network segmentation or access restrictions, to limit the attack surface.
  • Monitor Oracle Coherence systems for suspicious activity and ensure that they are not exposed to untrusted networks.
  • Review and update inventory to ensure accurate tracking of Oracle Coherence deployments.
  • Consider implementing additional security measures, such as web application firewalls, to detect and prevent exploitation attempts.

Evidence notes

The CVE record was published on 2026-06-17T10:40:22.833Z and was last modified on 2026-06-19T06:17:02.640Z. The NVD entry is currently Analyzed. The vulnerability has a CVSS score of 10.0 and affects multiple versions of Oracle Coherence.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:22.833Z and has not been modified since then. The NVD entry is currently Analyzed.