PT-2026-49879 · Oracle · Oracle Coherence

Published

2026-06-16

Updated

2026-06-17

CVE-2026-35308

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Coherence versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0

Description An issue in the Centralized Third Party Jars component allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can result in a full takeover of Oracle Coherence and may significantly impact additional products due to a scope change.

Recommendations Apply the June 2026 Critical Patch Update for versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2026-35308

Affected Products

Oracle Coherence

PT-2026-49879 · Oracle · Oracle Coherence

CVE-2026-35308

Weakness Enumeration

Related Identifiers

Affected Products

References · 2