Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-04-21
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution and Server Takeover
Action: Immediate Patch
AI Analysis

Impact

A vulnerability in Oracle WebLogic Server enables a high‑privileged attacker who can reach the server over HTTP to compromise the entire instance. The flaw allows the attacker to gain full control, compromising confidentiality, integrity, and availability of the application server.

Affected Systems

Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 are affected. These releases are part of Oracle Fusion Middleware and are used to host enterprise web applications.

Risk and Exploitability

The CVSS 3.1 base score of 7.2 falls in the High band (7.0 to 8.9). No EPSS score is available, so the likelihood of exploitation cannot be estimated from that source. The vector is reachable over the network via HTTP with low attack complexity and no user interaction (AV:N, AC:L, UI:N), but it requires high privileges (PR:H): the attacker needs credentials carrying administrative-level authority over the WebLogic instance, not merely network reach, so the realistic threat is a compromised or malicious administrator account rather than an anonymous remote attacker. Scope is unchanged (S:U), so the rated impact is confined to WebLogic Server itself, although full compromise of confidentiality, integrity and availability of the application server is in practice a takeover of every application it hosts. The vulnerability is not currently listed in the CISA KEV catalog. The weaknesses assigned to this CVE, CWE-287 (Improper Authentication) and CWE-94 (Improper Control of Generation of Code), suggest an authentication flaw leading to code injection, which is consistent with the takeover outcome Oracle describes.

Generated by OpenCVE AI on April 22, 2026 at 02:33 UTC.

Remediation

No vendor fix or workaround is recorded on this page yet. Oracle CVE entries written in this form are disclosed through the quarterly Critical Patch Update, so the patch should be looked up in the April 2026 CPU advisory referenced under Recommended Actions.

OpenCVE Recommended Actions

  • Identify the WebLogic Server version running on all production systems and verify whether it matches the affected releases (12.2.1.4.0 or 14.1.1.0.0).
  • Download and apply the patch or upgrade to a non‑affected version provided in Oracle’s April 2026 CPU advisory.
  • Restrict inbound HTTP traffic to the WebLogic Server with firewall rules or by placing it behind an application proxy. Because exploitation requires high privileges (PR:H), also shrink the set of principals and endpoints that carry administrative authority: enable WebLogic's administration port so that administrative traffic is separated onto a dedicated SSL port that can be firewalled to management networks, review the accounts holding the Admin role and remove unused ones, and enforce strong credentials for those that remain.
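The first recommended action, checking every host's WebLogic version against the affected releases, is easy to get subtly wrong because the base version string (for example 12.2.1.4.0) does not change when a Patch Set Update is applied, and because Oracle's advisory text covers supported releases only. The script below is an added example written for this page, not OpenCVE or Oracle code. It parses the two CPE 2.3 entries listed in the History section, matches them against the banner printed by `java -cp "$WL_HOME/server/lib/weblogic.jar" weblogic.version` collected from each host, and separates "affected base version with no PSU" from "affected base version, PSU level must be checked against the CPU advisory". The sample banners and the host names are constructed; the exact wording of the PSU line in the banner is assumed, so that pattern is kept loose.

```python
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# CPE 2.3 entries exactly as listed in this page's History section.
AFFECTED_CPES = [
    "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
    "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
]

# Banner collected per host with:
#   java -cp "$WL_HOME/server/lib/weblogic.jar" weblogic.version
BASE_VERSION_RE = re.compile(r"WebLogic Server (\d+(?:\.\d+){4})")
# After a Patch Set Update is applied the banner carries an extra PSU line; its
# exact wording is an assumption here, so the pattern is deliberately loose.
PSU_RE = re.compile(r"PATCH SET UPDATE (\d+(?:\.\d+)+)")


def affected_versions(cpes) -> FrozenSet[str]:
    """Return the version field of each CPE 2.3 formatted string.

    A formatted string has 13 colon-separated fields and the version is field 5.
    None of the page's entries contain escaped colons, so a plain split suffices.
    """
    versions = set()
    for cpe in cpes:
        fields = cpe.split(":")
        if len(fields) != 13 or fields[:5] != ["cpe", "2.3", "a", "oracle", "weblogic_server"]:
            raise ValueError(f"not an oracle:weblogic_server CPE 2.3 string: {cpe}")
        versions.add(fields[5])
    return frozenset(versions)


@dataclass
class Finding:
    host: str
    base_version: Optional[str]
    psu: Optional[str]
    affected: bool
    note: str


def triage(host: str, banner: str,
           affected: FrozenSet[str] = affected_versions(AFFECTED_CPES)) -> Finding:
    """Classify one host from its weblogic.version banner."""
    m = BASE_VERSION_RE.search(banner)
    if m is None:
        return Finding(host, None, None, False, "no WebLogic banner; inspect the host manually")
    base = m.group(1)
    psu_match = PSU_RE.search(banner)
    psu = psu_match.group(1) if psu_match else None
    if base not in affected:
        # Oracle's advisory text covers supported releases only; an out-of-support
        # release such as 12.2.1.3.0 is unassessed, which is not the same as safe.
        return Finding(host, base, psu, False,
                       "base version not in the CPE list (unsupported releases are unassessed)")
    if psu is None:
        return Finding(host, base, psu, True, "affected base version, no PSU applied")
    # The base version string is unchanged by a PSU, so the PSU level itself must
    # be compared against the fixing PSU named in the April 2026 CPU advisory.
    return Finding(host, base, psu, True,
                   "affected base version; confirm PSU level against the April 2026 CPU advisory")


# Constructed sample banners for this example (not captured from real hosts).
SAMPLE_BANNERS: Dict[str, str] = {
    "app01": "WebLogic Server 12.2.1.4.0 Thu Sep 12 04:04:29 GMT 2019 1974621\n",
    "app02": "WebLogic Server 14.1.1.0.0 Thu Mar 26 03:15:01 GMT 2020 2000885\n"
             "WLS PATCH SET UPDATE 14.1.1.0.250415\n",
    "app03": "WebLogic Server 14.1.2.0.0 Fri Nov 15 09:00:00 GMT 2024 0000000\n",
    "legacy": "WebLogic Server 12.2.1.3.0 Thu Aug 17 13:39:49 PDT 2017 1882952\n",
    "broken": "Error: Could not find or load main class weblogic.version\n",
}


def run(banners: Dict[str, str] = SAMPLE_BANNERS) -> Dict[str, Finding]:
    """Triage every host in the inventory and return the findings keyed by host."""
    return {host: triage(host, banner) for host, banner in banners.items()}


if __name__ == "__main__":
    for f in run().values():
        state = "AFFECTED" if f.affected else "ok"
        print(f"{f.host:8} {state:8} {f.base_version or '-':12} psu={f.psu or '-'}  {f.note}")
```

The banner is a quick fleet-wide signal, not the authoritative patch record; for hosts flagged as affected, `opatch lsinventory` from the Oracle home is the place to confirm which PSU is actually installed before closing the finding.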

Generated by OpenCVE AI on April 22, 2026 at 02:33 UTC.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 03:00:00 +0000

Type         Values Removed   Values Added
Title                         Remote Server Takeover via HTTP in Oracle WebLogic Server
Weaknesses                    CWE-287
                              CWE-94

Wed, 22 Apr 2026 00:00:00 +0000

Type                 Values Removed   Values Added
Description                           Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
First Time appeared                   Oracle
                                      Oracle weblogic Server
CPEs                                  cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
                                      cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Vendors & Products                    Oracle
                                      Oracle weblogic Server
References
Metrics                               cvssV3_1 {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:26.742Z

Reserved: 2026-03-26T19:48:45.677Z

Link: CVE-2026-34292

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:34.087

Modified: 2026-04-21T21:16:34.087

Link: CVE-2026-34292

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T04:00:07Z

Weaknesses