PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35312 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle Virtual Directory, a component of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-35312, affects versions 12.2.1.4.0 and 14.1.2.0.0 of Oracle Virtual Directory. It allows unauthenticated attackers with network access via LDAP to compromise the system, potentially leading to a takeover of Oracle Virtual Directory. The CVSS 3.1 Base Score for this vulnerability is 9.8, indicating a high impact on confidentiality, integrity, and availability.

Vendor
Oracle Corporation
Product
Oracle Virtual Directory
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-19
Advisory published
2026-06-17
Advisory updated
2026-06-19

Who should care

Organizations using Oracle Virtual Directory versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability. The vulnerability's high CVSS score and potential for unauthenticated attacks via LDAP make it a critical concern for security teams. Oracle Virtual Directory administrators and security professionals responsible for Oracle Fusion Middleware deployments should take immediate action to assess and mitigate this risk.

Technical summary

CVE-2026-35312 is a critical vulnerability in the Oracle Virtual Directory product of Oracle Fusion Middleware, specifically in the Virtual Directory Server component. The vulnerability is easily exploitable and allows unauthenticated attackers with network access via LDAP to compromise Oracle Virtual Directory. Successful attacks can result in a takeover of the system. The vulnerability has a CVSS 3.1 Base Score of 9.8, with high impacts on confidentiality, integrity, and availability. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Defensive priority

High

Recommended defensive actions

  • Apply the security patch provided by Oracle as soon as possible
  • Conduct an immediate inventory check to identify all instances of Oracle Virtual Directory in use
  • Implement compensating controls such as network segmentation or access restrictions to limit exposure
  • Monitor for any suspicious activity related to LDAP access
  • Consider temporarily disabling LDAP access if patching cannot be applied immediately

Evidence notes

The CVE record was published on 2026-06-17T10:40:23.357Z and was last modified on 2026-06-19T06:17:03.150Z. The NVD entry is currently Analyzed. The vulnerability details were obtained from the official CVE record and NVD database.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:23.357Z and has not been modified since then. The NVD entry is currently Analyzed.