Severity: HIGH | CVE-2026-35311 | CNA: oracle

CVE-2026-35311: Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core)

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 8.8
  • Severity: HIGH
  • Fixed in: no fix version published yet
  • Affected Products: 1


HarborGuard Analysis

Synopsis

An easily exploitable vulnerability in the Core component of Oracle WebLogic Server allows an attacker with network access via HTTP and any low-privilege account to fully compromise the server. The flaw is reachable over HTTP without requiring victim interaction, and the CVSS 3.1 score of 8.8 (High) reflects full impact across confidentiality, integrity, and availability. Successful exploitation gives the attacker complete control over the affected WebLogic instance, equivalent to a server takeover. No fix has been published by Oracle as of this writing; HarborGuard tracks the advisory for patch availability and will surface a patched-image rebuild the moment upstream ships one.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from Oracle and NVD feeds within minutes of publication and matched against all customer images, including custom-built images that bundle WebLogic Server 12.2.1.4.0 or 14.1.2.0.0. Any image in a connected registry or CI pipeline that contains an affected version is flagged automatically.

Triage: Available

HarborGuard scores this finding at CVSS 8.8 (High) and weights it against each customer environment's compliance policy to determine urgency and routing. The resulting alert is directed to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch: Pending upstream

Because no upstream fix exists yet, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle publishes a fix version. In the meantime, the advisory remains open and visible in each affected environment's finding queue so teams can apply compensating controls.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the WebLogic Server over the network via HTTP; no physical or local access is required, making any internet- or intranet-exposed instance a viable target.

  • Authentication: Required

    A low-privilege account is sufficient; any valid credential grants the network foothold needed to trigger the vulnerability, but unauthenticated access alone is not enough.

  • Victim interaction: Not required

    No user or administrator action is needed to trigger the vulnerability; the attacker can drive the exploit entirely from their own session.

  • Attack complexity: Low

    Attack complexity is Low, meaning the exploit is reliable and requires no special preconditions, race conditions, or knowledge of memory layout.

Blast Radius

  • A successful attacker reads all data accessible to the WebLogic Server process, including application configurations, credentials, and stored business records.
  • The attacker can write to or modify any data the server can reach, including database rows, deployed application files, and configuration state.
  • The attacker can crash or permanently disable the WebLogic Server process, taking down all hosted applications and causing a full service outage.
  • Full server takeover means the attacker can pivot from the WebLogic host to internal network resources that the server is trusted to reach.

How HarborGuard Handles This

Available on HarborGuard: because Oracle has not yet published a fix for CVE-2026-35311, the platform continuously monitors the advisory and will trigger a patched-image rebuild automatically the moment a fix version is released upstream. Until then, affected images remain flagged in every customer environment's finding queue. As compensating controls, teams can use HarborGuard's network-policy recommendations to restrict inbound HTTP access to WebLogic on ports 7001 and 7002 to known, trusted sources only; apply egress filtering to prevent a compromised server from reaching internal resources; and consider feature-flag or deployment-level gating to disable non-essential WebLogic components that expose the Core attack surface. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be initiated without manual intervention once a fix is available, with median time from CVE patch publication to merged PR running around 90 minutes for High-severity issues in those environments.
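The two compensating controls named above, restricting inbound HTTP to WebLogic on 7001/7002 to trusted sources and filtering the server's egress, expressed as a Kubernetes NetworkPolicy. This is an added example, not a policy generated by HarborGuard; the namespace names and the labels app=weblogic, app=ingress-gateway and app=oracle-db, as well as the database listener port 1521, are assumptions about the deployment.

```yaml
# Added example, not HarborGuard's own output. Assumes WebLogic pods are
# labelled app=weblogic in namespace "apps", the only legitimate HTTP client
# is app=ingress-gateway in namespace "ingress", and the DB is in "data".
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: weblogic-cve-2026-35311-compensating
  namespace: apps
spec:
  podSelector:
    matchLabels:
      app: weblogic
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only the ingress gateway may reach the WebLogic listen ports
    # (7001 plain HTTP, 7002 SSL); every other source is dropped.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress
          podSelector:
            matchLabels:
              app: ingress-gateway
      ports:
        - protocol: TCP
          port: 7001
        - protocol: TCP
          port: 7002
  egress:
    # Egress filtering: a compromised server may reach only cluster DNS
    # and the database listener (1521 assumed); no other internal host.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: data
          podSelector:
            matchLabels:
              app: oracle-db
      ports:
        - protocol: TCP
          port: 1521
```

Because policyTypes lists Egress, any destination not enumerated is denied, so verify the DNS and database selectors against the real deployment before applying it with kubectl apply -f.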

Affected packages
  • Oracle Corporation / WebLogic Server
    12.2.1.4.0 · 14.1.2.0.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H