CVE Catalog

CVE-2026-35308

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Affected versions are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0.

Risk Assessment

An attacker can exploit this vulnerability to take over Oracle Coherence, which may significantly impact other products in the ecosystem. The high CVSS score of 10.0 indicates a serious threat to confidentiality, integrity, and availability.

Recommendation

It is recommended to upgrade to the latest version of Oracle Coherence to mitigate the risk associated with this vulnerability. Additionally, network access should be monitored and further security measures implemented.

Original NVD description (English source)

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. While the vulnerability is in Oracle Coherence, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS