HIGH · CVE-2026-46848 · CNA: oracle

CVE-2026-46848: Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console)

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where WebLogic Server executes to compromise WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all WebLogic Server accessible data. CVSS 3.1 Base Score 7.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).

Metrics

  • CVSS v3.1: 7.9
  • Severity: HIGH
  • Fixed in: no fix version published yet
  • Affected Products: 1


HarborGuard Analysis

Synopsis

This is a local privilege escalation and data-compromise vulnerability in the Console component of Oracle WebLogic Server, affecting versions 14.1.2.0.0 and 15.1.1.0.0. An attacker with a low-privilege account on the host where WebLogic Server runs can exploit it, but must also convince another user to take some action, such as visiting a crafted page or clicking a link within the Console. Successful exploitation gives the attacker full read and write access to all data accessible by WebLogic Server, including across additional products in scope, with no availability impact. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Oracle publishes a fix.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream Oracle and NVD feeds within minutes of publication and matched against all customer images, including internally built images that layer WebLogic Server. Any image found running version 14.1.2.0.0 or 15.1.1.0.0 of WebLogic Server is flagged immediately.
Triage: Available

HarborGuard scores this finding at CVSS 7.9 HIGH and applies each customer organization's compliance policy weighting to determine queue priority and routing. Findings are dispatched to the appropriate team inbox within each customer environment based on image ownership and configured escalation rules.
Patch: Pending upstream

Because Oracle has not yet published a fix version, no patched-image rebuild is available at this time. HarborGuard re-checks the Oracle advisory and upstream feeds on every ingest cycle and will make a rebuilt image available automatically the moment a fix version is released upstream.

Exploit Conditions

  • Network reachability: Not required

    The attacker does not need network access; they must already have a local shell or running process on the host where WebLogic Server executes.

  • Authentication: Required

    A low-privilege operating system or application account on the target host is sufficient; no administrator credentials are needed.

  • Victim interaction: Required

    A separate user must perform an action within the WebLogic Console, such as opening a crafted link or page, for the exploit to succeed.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no special race conditions, memory layout tricks, or environmental prerequisites beyond the attacker's foothold.

Blast Radius

  • Reads all data accessible to WebLogic Server, including stored configuration, credentials, and application data.
  • Creates, modifies, or deletes critical data within WebLogic Server, including deployment configurations and persisted application records.
  • Impact can extend beyond WebLogic Server itself to other products sharing the same infrastructure due to a scope change in the CVSS rating.
  • Availability of the service is not directly affected by this vulnerability.

How HarborGuard Handles This

Available on HarborGuard: this CVE is actively monitored across every ingest cycle against all customer images running WebLogic Server 14.1.2.0.0 or 15.1.1.0.0. Because no upstream fix has been published by Oracle, no patched-image rebuild is currently available. HarborGuard will generate a rebuilt image and, for customers with auto-remediation enabled, open a PR against affected workloads the moment Oracle ships a patch. In the interim, compensating controls worth considering include restricting local logon access to WebLogic hosts to only necessary accounts, applying network-policy isolation to limit which users can reach the WebLogic Console, and auditing Console access logs for unexpected session activity. HarborGuard will surface this advisory in the findings queue for each affected environment so that teams can apply manual mitigations without waiting for a patch.

Affected packages
  • Oracle Corporation / WebLogic Server
    14.1.2.0.0 · 15.1.1.0.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N