CVE-2026-35300 – WebLogic Server

CVSS 9.8 CRITICAL Critical or Zero Day – Immediate Deployment

“A critical WebLogic weakness can put core applications and business services in the blast zone.”

WebLogic Server has been updated to address twelve vulnerabilities, including five Critical severity issues and seven High severity issues. CVE-2026-35292 and CVE-2026-35301 each have a CVSS score of 10.0, which is Critical severity. CVE-2026-35263 has a CVSS score of 9.9, which is Critical severity. CVE-2026-35298 has a CVSS score of 9.1, which is Critical severity. CVE-2026-35300 has a CVSS score of 9.8, which is Critical severity.

The update also covers CVE-2026-35258 with a CVSS score of 8.7, CVE-2026-35259 with a CVSS score of 8.8, CVE-2026-35299 with a CVSS score of 8.8, CVE-2026-35302 with a CVSS score of 8.3, CVE-2026-35303 with a CVSS score of 8.8, CVE-2026-35311 with a CVSS score of 8.8, and CVE-2026-46848 with a CVSS score of 7.9, all of which are High severity.

Key Details

Affected Product
Oracle Weblogic Server
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-502
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.