Threat Intelligence Database

CVE-2026-35310 is a critical vulnerability in Oracle Coherence, part of Oracle Fusion Middleware. It affects versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the product, potentially leading to full takeover. The CVSS 3.1 base score is 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update advisory recommending prompt patching. No explicit patch versions are listed in the advisory content, but Oracle strongly urges applying the June 2026 Critical Security Patch Update. Mitigations include applying patches promptly and potentially blocking network protocols required for exploitation until patches are applied. No known exploits in the wild have been reported yet.

CVE-2026-35309 is a critical vulnerability in Oracle Coherence versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. It allows an unauthenticated attacker with network access via HTTP to fully compromise Oracle Coherence, potentially resulting in complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has included fixes for this vulnerability in its June 2026 Critical Security Patch Update. Customers are strongly advised to apply these patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or limiting privileges, though these may affect functionality.

CVE-2026-35308 is a critical vulnerability in Oracle Coherence, part of Oracle Fusion Middleware. It allows an unauthenticated attacker with network access via HTTP to fully compromise Oracle Coherence, potentially leading to complete takeover. The vulnerability affects specific versions of Oracle Coherence and may impact additional Oracle products due to scope change. The CVSS 3.1 base score is 10.0, indicating maximum severity with high confidentiality, integrity, and availability impacts. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities. Customers are strongly advised to apply the patches promptly to mitigate risk.

CVE-2026-35307 is a critical vulnerability in Oracle Coherence, part of Oracle Fusion Middleware. It allows an unauthenticated attacker with network access via HTTP to fully compromise Oracle Coherence, potentially leading to complete takeover. The vulnerability affects specific versions of Oracle Coherence and may impact additional Oracle products due to scope change. The CVSS 3.1 base score is 10.0, indicating maximum severity with high confidentiality, integrity, and availability impacts. Oracle has released a Critical Security Patch Update in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply the provided patches promptly. Until patched, risk reduction may be possible by blocking required network protocols or restricting privileges, though these mitigations may affect functionality.

CVE-2026-35306 is a critical vulnerability in Oracle Coherence 15.1.1.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the product. Exploitation can lead to unauthorized access to critical data and unauthorized modification (update, insert, delete) of some Oracle Coherence accessible data. The vulnerability has a CVSS 3.1 base score of 9.3, indicating high confidentiality and integrity impacts with no required privileges or user interaction. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated patch availability or remediation details for this specific CVE in the advisory content provided. Oracle strongly recommends applying Critical Security Patch Update patches promptly to mitigate risks. Workarounds such as blocking network protocols or restricting privileges may reduce risk but could impact functionality.

CVE-2026-35305 is a critical vulnerability in Oracle Coherence 15.1.1.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the product. Exploitation can lead to unauthorized access to critical data, including the ability to read, update, insert, or delete data accessible by Oracle Coherence. The vulnerability has a CVSS 3.1 base score of 9.3, indicating high confidentiality and integrity impact with no required privileges or user interaction. Oracle has released a Critical Security Patch Update in June 2026 addressing this and other vulnerabilities, strongly recommending patch application. Until patched, risk reduction may be possible by blocking relevant network protocols or limiting privileges, though these may affect functionality.

CVE-2026-35304 is a critical vulnerability in Oracle Coherence, part of Oracle Fusion Middleware. It affects versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. The flaw allows an unauthenticated attacker with network access via HTTPS to fully compromise Oracle Coherence, potentially resulting in complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory. Customers are strongly advised to apply the available security patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or restricting privileges, though these may impact functionality.