CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-35291

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 24.9%

CVSS Severity

CVSS v3 Score 6.6

References

https://www.oracle.com/security-alerts/cspujun2026.html

Products affected by CVE-2026-35291

Oracle » Weblogic Server » Version: 14.1.2.0.0

cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0
Oracle » Weblogic Server » Version: 15.1.1.0.0

cpe:2.3:a:oracle:weblogic_server:15.1.1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-35291

Products

Pricing

Contact Us