HIGH · CVE-2026-35302 · CNA: oracle

CVE-2026-35302: Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console)

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Metrics

CVSS v3.1 base score: 8.3
Severity: HIGH
Fixed in: no fix version published yet
Affected products: 1


HarborGuard Analysis

Synopsis

This is a high-severity vulnerability in the Console component of Oracle WebLogic Server, affecting versions 12.2.1.4.0 and 14.1.1.0.0. The attacker needs no credentials, only HTTP access to the server, but must trick a user into taking some action (such as visiting a crafted link) to trigger the flaw; attack complexity is rated high, meaning reliable exploitation requires conditions outside the attacker's control to align. Successful exploitation results in full takeover of the WebLogic Server instance (CVSS 3.1 base score 8.3, with high confidentiality, integrity and availability impact), and because the vector records a scope change the impact can extend to products beyond WebLogic Server itself. HarborGuard is tracking this advisory and will make a patched-image rebuild available when Oracle publishes a fix version.

HarborGuard Coverage

Detection: Available

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built WebLogic Server images in connected registries and CI/CD pipelines. Any image running an affected version (12.2.1.4.0 or 14.1.1.0.0) will surface a finding automatically.

Triage: Available

HarborGuard scores each finding against the published CVSS 3.1 base score of 8.3 (HIGH) and can weight that score further against each customer environment's compliance policy, surfacing the finding with appropriate urgency. Routing rules direct the alert to the team or inbox configured for the affected workload within each customer organization.

Patch: Pending upstream

Because Oracle has not yet published a fix version, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. In the interim, customers can use HarborGuard's policy controls to flag or block promotion of images running the affected WebLogic Console component into production-tier environments.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the WebLogic Console over the network via HTTP (CVSS AV:N); no local or physical access to the host is required.

  • Authentication: Not required

    No account or session credential is needed (CVSS PR:N); the attacker starts from a fully unauthenticated position.

  • Victim interaction: Required

    A person other than the attacker must take some action (such as clicking a crafted link or visiting a malicious page) for the attack to succeed (CVSS UI:R).

  • Attack complexity: High

    Exploitation is rated high complexity (CVSS AC:H), meaning the attacker must engineer specific conditions outside their direct control, such as particular timing, session state, or environmental factors, for the attack to be reliable.

Blast Radius

  • A successful attacker gains the ability to read all data accessible to the WebLogic Server process, including configuration secrets, credentials, and application data.
  • The attacker can modify persisted application state, server configuration, and deployed artifacts on the compromised instance.
  • The attacker can crash or suspend the WebLogic Server service, causing an outage for dependent applications.
  • Because the CVSS scope is changed, the impact can extend beyond WebLogic Server itself to other products or services running in the same environment.

How HarborGuard Handles This

Available on HarborGuard: detection of this CVE fires against any scanned image running WebLogic Server 12.2.1.4.0 or 14.1.1.0.0, with findings scored at CVSS 8.3 HIGH and routed per each customer's compliance policy. Oracle has not published a fix version as of the CVE publication date (2026-06-16), so no patched-image rebuild is available yet. HarborGuard re-evaluates the upstream advisory on every ingest cycle. When Oracle ships a fix, a patched-image rebuild will become available automatically; for customers with auto-remediation enabled, this triggers a regression-test run and a PR opened against affected workloads. In the meantime, recommended compensating controls include restricting network access to the WebLogic Console port via Kubernetes NetworkPolicy or firewall rules, enabling egress filtering to limit lateral movement if the host is compromised, and gating any promotion of images containing the affected Console component through a manual approval step in your pipeline policy.
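The Kubernetes NetworkPolicy below is an added example of the first compensating control described above; it is not HarborGuard's or Oracle's configuration. It assumes a namespace `weblogic`, Admin Server pods labelled `weblogic.serverName: AdminServer` (the labelling convention of the WebLogic Kubernetes Operator, but any label that selects the Admin Server pod works), the default administration listen port 7001, an administrator jump-host subnet 10.20.30.0/24, managed servers labelled `weblogic.domainUID: sample-domain1`, and a database at 10.50.0.0/16 on port 1521. All of those values are assumptions to be replaced with the deployment's own.

```yaml
# Added example, not part of the advisory: lock down the WebLogic Admin Server
# (which serves the Console at /console) to an admin subnet, keep the
# managed-server-to-Admin-Server path open, and restrict egress so a
# compromised Admin Server cannot freely reach the rest of the network.
# Every namespace, label, CIDR and port below is an assumption.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: weblogic-console-lockdown
  namespace: weblogic
spec:
  podSelector:
    matchLabels:
      weblogic.serverName: AdminServer
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only the administrator jump-host subnet may reach the admin listen port.
    - from:
        - ipBlock:
            cidr: 10.20.30.0/24
      ports:
        - protocol: TCP
          port: 7001
    # Managed servers of the same domain still need the Admin Server.
    - from:
        - podSelector:
            matchLabels:
              weblogic.domainUID: sample-domain1
      ports:
        - protocol: TCP
          port: 7001
  egress:
    # DNS via the cluster resolver only.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # The application database only; all other egress (internet included) is dropped.
    - to:
        - ipBlock:
            cidr: 10.50.0.0/16
      ports:
        - protocol: TCP
          port: 1521
```

Two checks before relying on this: NetworkPolicy is only enforced if the cluster's CNI plugin implements it (Calico, Cilium and similar do; a cluster without such a plugin accepts the object and silently ignores it), so verify from a pod outside the allowed subnet that port 7001 is unreachable after applying it. Also note the limit of the control: the CVSS vector records UI:R, so the Console request in a successful attack may originate from a victim's own browser; narrowing who can reach the Console shrinks the exposed population to clients on the allowed subnet, it does not remove the need for the upstream fix.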

Affected packages
  • Oracle Corporation / WebLogic Server
    12.2.1.4.0 · 14.1.1.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H