Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WebLogic Deserialization of Untrusted Data Vulnerability - CVE-2026-35300 - Vulnerability Database
WebLogic

WebLogic Deserialization of Untrusted Data Vulnerability - CVE-2026-35300

Critical
Reference: CVE-2026-35300
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-35300
Title: WebLogic Deserialization of Untrusted Data Vulnerability
Overview:

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 14.1.1.0.0 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).