Back to overview

CVE-2026-35291

MEDIUM
6.6
CVSS 3.1

Metadata

CVE ID
CVE-2026-35291
State
PUBLISHED
Assigner
oracle
Reserved
2026-04-01 20:03 UTC
Published
2026-06-16 19:27 UTC
Last updated
2026-06-17 13:26 UTC
Primary CWE
CWE-269
CWE-269 Improper Privilege Management
Vendor / Product
Oracle Corporation / WebLogic Server
Sources
cve.org  ·  NVD

Severity & Metrics

6.6 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
Oracle Corporation WebLogic Server 14.1.2.0.0, 15.1.1.0.0
Weakness (CWE)
CWESourceDescription
cna Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server.
CWE-269 adp CWE-269 Improper Privilege Management
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.6 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
References (1)
Back to overview