CVE-2026-35308
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Affected versions are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0.
Risk Assessment
An attacker can exploit this vulnerability to take over Oracle Coherence, which may significantly impact other products in the ecosystem. The high CVSS score of 10.0 indicates a serious threat to confidentiality, integrity, and availability.
Recommendation
It is recommended to upgrade to the latest version of Oracle Coherence to mitigate the risk associated with this vulnerability. Additionally, network access should be monitored and further security measures implemented.
Original NVD description (English source)
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. While the vulnerability is in Oracle Coherence, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

