A critical vulnerability in Oracle WebLogic Server permits low-privileged users to achieve full system takeover, requiring urgent mitigation.

This vulnerability resides in the Core component of WebLogic Server and is accessible to low-privileged attackers via HTTP. Exploitation can lead to a full system takeover and may impact other products due to scope change.

With a CVSS score of 9.9, this vulnerability is extremely severe. An attacker with minimal access can escalate their privileges to take over the WebLogic Server, which often serves as a critical infrastructure component. This could lead to a total breakdown of internal services and unauthorized data access.

Immediate Action: Apply the Oracle June 2026 Critical Security Patch Update to all affected WebLogic Server environments.

Proactive Monitoring: Audit user privileges and monitor for unusual activity originating from low-privileged accounts or unexpected service calls.

Compensating Controls: Use network-level controls to restrict access to WebLogic Server administrative interfaces and implement WAF rules to filter potentially malicious requests.

Public Exploit Available: False

The severity of this vulnerability, combined with its potential for full system takeover, necessitates immediate action. Organizations must prioritize applying the June 2026 Critical Security Patch to all WebLogic Server instances to prevent exploitation by malicious actors.