CVE-2026-35291 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2026-35291

Analyzed

More Info Official Page

Source-secalert_us@oracle.com

Published At-17 Jun, 2026 | 10:40

Updated At-18 Jun, 2026 | 15:49

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
			N/A

Type: Secondary

Version: 3.1

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: N/A

Version:

Base score:

Base severity: N/A

Vector:

CPE Matches

Oracle Corporation

>>weblogic_server>>14.1.2.0.0

cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*

Oracle Corporation

>>weblogic_server>>15.1.1.0.0

cpe:2.3:a:oracle:weblogic_server:15.1.1.0.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-269	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-269

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://www.oracle.com/security-alerts/cspujun2026.html	secalert_us@oracle.com	Vendor Advisory

Hyperlink: https://www.oracle.com/security-alerts/cspujun2026.html

Source: secalert_us@oracle.com

Resource:

Vendor Advisory