HIGH · CVE-2026-35259 · CNA: oracle

CVE-2026-35259: Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console)

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Metrics

CVSS v3.1 base score: 8.8
Severity: HIGH
Fixed in: no upstream fix version published yet
Affected products: 1


HarborGuard Analysis

Synopsis

This is an unauthenticated remote exploitation vulnerability in the Console component of Oracle WebLogic Server (versions 14.1.2.0.0 and 15.1.1.0.0). An attacker reachable over HTTPS needs no credentials but must trick a legitimate user into taking an action, such as clicking a crafted link, to trigger the flaw. Successful exploitation gives the attacker full control of the WebLogic Server instance, covering confidentiality, integrity, and availability. No upstream fix has been published yet; HarborGuard tracks this advisory and will surface a patched-image rebuild the moment Oracle releases one.

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-35259 is available across every HarborGuard environment: the CVE is ingested from upstream Oracle and NVD feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that layer WebLogic Server components.

Triage: Available

HarborGuard scores this CVE at CVSS 8.8 (HIGH) and weights it against each customer environment's compliance policy to determine urgency and routing. Triage findings are delivered to the appropriate team inbox within each organization based on configured ownership rules.

Patch: Pending upstream

Because no upstream fix version has been published, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle ships a remediated release. In the meantime, compensating controls such as network-policy isolation of the WebLogic Console endpoint and egress filtering can be applied; HarborGuard flags affected workloads so these controls can be targeted precisely.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the WebLogic Server Console over the network via HTTPS; any internet- or intranet-exposed instance is in scope.

  • Authentication: Not required

    No credentials of any kind are needed; the vulnerability is exploitable by a completely unauthenticated attacker.

  • Victim interaction: Required

    A legitimate user of the WebLogic Console must be socially engineered into performing an action, such as clicking a crafted HTTPS link, for the attack to succeed.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no special race conditions, memory-layout knowledge, or other environmental prerequisites.

Blast Radius

  • The attacker gains full read access to the WebLogic Server process, exposing configuration files, data sources, credentials, and any application data the server can reach.
  • The attacker can write to or modify any resource the WebLogic Server process controls, including deployed application artifacts and persisted configuration.
  • The attacker can crash or otherwise make the WebLogic Server instance unavailable, disrupting any applications and services it hosts.
  • Combined confidentiality, integrity, and availability impact across the server constitutes a full host-level takeover as described in the CVE record.

How HarborGuard Handles This

Available on HarborGuard: images containing WebLogic Server 14.1.2.0.0 or 15.1.1.0.0 are flagged automatically in every connected registry and pipeline. Because Oracle has not yet published a fix version, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment a remediated release appears upstream. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR against affected workloads will trigger without manual intervention as soon as the fix is available. While waiting for an upstream patch, HarborGuard identifies the specific workloads running affected images so teams can apply compensating controls: restricting network access to the WebLogic Console port via Kubernetes NetworkPolicy or equivalent, adding egress filtering to limit lateral movement from a compromised instance, and auditing which users have access to the Console to reduce the pool of potential social-engineering targets. Where compliance policy permits, HarborGuard can also apply feature-flag or ingress-rule changes as a temporary gate on the Console endpoint.
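As an added example (not HarborGuard's or Oracle's configuration), a Kubernetes NetworkPolicy of the kind the paragraph above describes: it admits ingress to the WebLogic administration port only from a designated admin-proxy pod, so the console is no longer reachable from arbitrary network positions while the upstream fix is pending. Assumptions: the admin server pods live in namespace `weblogic` and carry the label `app: weblogic-admin`, the console listens on TLS port 7002 (WebLogic's stock SSL listen port; use your domain's actual port), and administrators reach it through a pod labelled `role: admin-proxy` in namespace `ops`.

```yaml
# Added example, not from the advisory: restrict ingress to the WebLogic
# administration console while an upstream fix is pending.
# All labels, namespaces and ports below are assumptions; adjust them to
# match your own WebLogic domain configuration.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: weblogic-console-restrict
  namespace: weblogic            # assumed namespace of the admin server pods
spec:
  podSelector:
    matchLabels:
      app: weblogic-admin        # assumed label on the admin server pods
  policyTypes:
    - Ingress
  ingress:
    # Console (HTTPS) only from the admin-proxy pods in the ops namespace.
    # namespaceSelector and podSelector in the same "from" entry are ANDed,
    # so both conditions must hold for the source pod.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ops
          podSelector:
            matchLabels:
              role: admin-proxy
      ports:
        - protocol: TCP
          port: 7002             # assumed: WebLogic default SSL listen port
    # Add further rules here for traffic the admin server must still accept
    # (e.g. managed-server and node-manager channels); anything not listed
    # is dropped once this policy selects the pod.
```

Once a NetworkPolicy with an Ingress policy type selects a pod, every ingress flow not matched by a rule is denied, so legitimate non-console traffic to the admin server must be enumerated explicitly. Enforcement also depends on the cluster's CNI implementing NetworkPolicy; on a CNI that does not, the object is accepted but has no effect.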

Affected packages
  • Oracle Corporation / WebLogic Server
    14.1.2.0.0 · 15.1.1.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H