CVE-2026-35300: Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core)
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A critical unauthenticated remote code execution vulnerability affects the Core component of Oracle WebLogic Server in versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. The flaw is reachable over the network via TCP with no credentials and no user interaction, so any attacker who can open a connection to a WebLogic listener can trigger it. Successful exploitation yields full takeover of the WebLogic Server instance, with high impact to confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). Oracle has not yet published fixed versions; HarborGuard tracks this advisory and will surface a patched-image rebuild when Oracle ships a remediation.
HarborGuard Coverage
Detection: Available
CVE-2026-35300 is ingested from Oracle and upstream vulnerability feeds within minutes of publication and matched against all customer images, including custom-built images that layer WebLogic. Any image carrying an affected WebLogic version (12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, or 15.1.1.0.0) is flagged automatically in both registry scans and CI/CD pipeline checks.
Triage: Available
The finding carries the CVSS 3.1 base score of 9.8 (Critical) and is surfaced alongside per-environment compliance policy weighting, so teams can prioritize against their own risk thresholds. Findings are routed to the appropriate inbox or ticketing integration within each customer organization according to configured ownership rules.
Remediation: Pending upstream
Because no upstream fix is available, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically once Oracle publishes a remediation. In the interim, customers with network-policy controls or egress-filtering rules configured in HarborGuard can apply compensating controls that restrict TCP access to the affected WebLogic listener ports while waiting for the upstream fix.
Exploit Conditions
- Network reachability: Required
The attacker must be able to open a TCP connection to the WebLogic Server; any system with a network path to an exposed listener port is in scope. Oracle names only "TCP" rather than a specific protocol, and a WebLogic listen port multiplexes HTTP, T3 and IIOP, so treat every listener as in scope rather than only the HTTP path.
- Authentication: Not required
No credentials of any privilege level are needed; the vulnerability is exploitable by a completely unauthenticated attacker.
- Victim interaction: Not required
No user or administrator action is required to trigger the vulnerability; exploitation is entirely attacker-driven.
- Attack complexity: Low
Attack complexity is Low (AC:L), meaning the CVSS assessment assumes no conditions outside the attacker's control, such as a race window, a particular memory layout, or a non-default target configuration, are needed for exploitation.
Blast Radius
- Full remote code execution on the WebLogic Server host, giving the attacker arbitrary command execution under the server process identity.
- Reads all data accessible to the WebLogic process, including deployed application secrets, database credentials, session tokens, and customer records.
- Modifies or deletes application data, configuration files, and deployed artifacts hosted on the server.
- Crashes or indefinitely disrupts the WebLogic Server process, taking down all applications and services running on the affected instance.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-35300 is active across all environments that scan images containing WebLogic Server at the affected versions. Because Oracle has not yet published a fix, HarborGuard monitors the advisory on every ingest cycle and, the moment a remediation ships upstream, triggers a patched-image rebuild and, for customers with auto-remediation enabled, a regression-test run and a PR against affected workloads. Until a patch is available, customers can apply compensating controls through HarborGuard's network-policy integration: restrict inbound TCP access to the WebLogic listener ports to known trusted sources, and enable egress filtering so a compromised server cannot reach the rest of the network or call back out. These controls narrow exposure but do not remove the vulnerability: any source still allowed to reach a listener can still exploit it. Teams managing high-exposure environments should therefore consider temporarily isolating affected WebLogic deployments until Oracle publishes a fix.
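The compensating control described above, written out as a Kubernetes NetworkPolicy. This is an added example, not part of the original advisory and not HarborGuard's or Oracle's own configuration. It assumes the affected WebLogic pods carry the label `app: weblogic` in a namespace called `weblogic`, listen on the default ports 7001 (plain) and 7002 (SSL), that the only legitimate clients are an ingress gateway labelled `app: ingress-gateway` in namespace `ingress` and an operations bastion in 10.20.0.0/24, and that the only outbound traffic the server needs is cluster DNS and an Oracle database on 10.30.0.0/24 port 1521. Every one of those names, labels, ports and address ranges is an assumption to be replaced with your own values.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: weblogic-cve-2026-35300-containment
  namespace: weblogic              # assumption: namespace hosting the affected pods
spec:
  podSelector:
    matchLabels:
      app: weblogic                # assumption: label on the affected WebLogic pods
  policyTypes:
    - Ingress
    - Egress                       # listing both makes anything not allowed below a deny
  ingress:
    # Only the ingress gateway may reach the listener ports. A WebLogic listen
    # port serves HTTP, T3 and IIOP on the same socket, so the restriction is by
    # port and source, not by protocol; that is what closes the TCP path the
    # advisory describes for every source except the gateway.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress   # assumption: gateway namespace
          podSelector:
            matchLabels:
              app: ingress-gateway                   # assumption: gateway pod label
      ports:
        - protocol: TCP
          port: 7001               # assumption: default WebLogic listen port
        - protocol: TCP
          port: 7002               # assumption: default SSL listen port
    # Operations bastion for the administration console, and nothing else.
    - from:
        - ipBlock:
            cidr: 10.20.0.0/24     # assumption: bastion subnet
      ports:
        - protocol: TCP
          port: 7001
  egress:
    # DNS via the cluster resolver only.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # The application database. No other outbound connections are permitted,
    # which is what blunts lateral movement and reverse-shell callbacks if the
    # server is compromised before a patch lands.
    - to:
        - ipBlock:
            cidr: 10.30.0.0/24     # assumption: database subnet
      ports:
        - protocol: TCP
          port: 1521               # assumption: Oracle DB listener port
```

Two caveats before relying on this. A NetworkPolicy is enforced only when the cluster's CNI implements it (Calico, Cilium and similar do; a plain Flannel install accepts the object and silently ignores it), so verify from a pod outside the allowed set that the listener is actually unreachable. And the policy narrows who can reach WebLogic; it does not change what WebLogic does with a connection. If the vulnerable code path is reachable over the protocol the gateway forwards, traffic arriving through the gateway can still trigger it, so this is containment to buy time for the upstream fix, not a substitute for it.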
- Oracle Corporation / WebLogic Server: 12.2.1.4.0 · 14.1.1.0.0 · 14.1.2.0.0 · 15.1.1.0.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H