CVE-2026-35301 – WebLogic Server
“A critical WebLogic weakness can put core applications and business services in the blast zone.”
WebLogic Server has been updated to address twelve vulnerabilities, including five Critical severity issues and seven High severity issues. CVE-2026-35292 and CVE-2026-35301 each have a CVSS score of 10.0, which is Critical severity. CVE-2026-35263 has a CVSS score of 9.9, which is Critical severity. CVE-2026-35298 has a CVSS score of 9.1, which is Critical severity. CVE-2026-35300 has a CVSS score of 9.8, which is Critical severity.
The update also covers CVE-2026-35258 with a CVSS score of 8.7, CVE-2026-35259 with a CVSS score of 8.8, CVE-2026-35299 with a CVSS score of 8.8, CVE-2026-35302 with a CVSS score of 8.3, CVE-2026-35303 with a CVSS score of 8.8, CVE-2026-35311 with a CVSS score of 8.8, and CVE-2026-46848 with a CVSS score of 7.9, all of which are High severity.
Key Details
- Affected Product
- Oracle Weblogic Server
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-306