PatchSiren cyber security CVE debrief
CVE-2026-35312 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle Virtual Directory, a component of Oracle Fusion Middleware. The vulnerability, tracked as CVE-2026-35312, affects versions 12.2.1.4.0 and 14.1.2.0.0 of Oracle Virtual Directory. It allows unauthenticated attackers with network access via LDAP to compromise the system, potentially leading to a takeover of Oracle Virtual Directory. The CVSS 3.1 Base Score for this vulnerability is 9.8, indicating a high impact on confidentiality, integrity, and availability.
- Vendor
- Oracle Corporation
- Product
- Oracle Virtual Directory
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-19
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-19
Who should care
Organizations using Oracle Virtual Directory versions 12.2.1.4.0 and 14.1.2.0.0 should prioritize patching this vulnerability. The vulnerability's high CVSS score and potential for unauthenticated attacks via LDAP make it a critical concern for security teams. Oracle Virtual Directory administrators and security professionals responsible for Oracle Fusion Middleware deployments should take immediate action to assess and mitigate this risk.
Technical summary
CVE-2026-35312 is a critical vulnerability in the Oracle Virtual Directory product of Oracle Fusion Middleware, specifically in the Virtual Directory Server component. The vulnerability is easily exploitable and allows unauthenticated attackers with network access via LDAP to compromise Oracle Virtual Directory. Successful attacks can result in a takeover of the system. The vulnerability has a CVSS 3.1 Base Score of 9.8, with high impacts on confidentiality, integrity, and availability. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
High
Recommended defensive actions
- Apply the security patch provided by Oracle as soon as possible
- Conduct an immediate inventory check to identify all instances of Oracle Virtual Directory in use
- Implement compensating controls such as network segmentation or access restrictions to limit exposure
- Monitor for any suspicious activity related to LDAP access
- Consider temporarily disabling LDAP access if patching cannot be applied immediately
Evidence notes
The CVE record was published on 2026-06-17T10:40:23.357Z and was last modified on 2026-06-19T06:17:03.150Z. The NVD entry is currently Analyzed. The vulnerability details were obtained from the official CVE record and NVD database.
Official resources
-
CVE-2026-35312 CVE record
CVE.org
-
CVE-2026-35312 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:23.357Z and has not been modified since then. The NVD entry is currently Analyzed.