External risk intelligence

Oracle Coherence Critical Vulnerability Allows Unauthorized Data Access

CVE advisory · Severity: CRITICAL (CVSS 9.3)

CVE-2026-35306

A critical vulnerability in Oracle Coherence allows unauthenticated attackers network access to compromise the product, potentially leading to unauthorized access, modification, or deletion of critical data.

Oracle Coherence

15.1.1.0.0

Halo Surface Signal

Likely · external exposure

4 · Halo Surface Signal

Oracle Coherence is often deployed as a middleware layer supporting web applications and APIs. Since the vulnerability is reachable via unauthenticated HTTP network access, it is commonly exposed in environments where Coherence nodes or associated service interfaces are accessible to handle distributed data, making network-facing exposure a common deployment scenario for this product role.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in Oracle Coherence, a component within Oracle Fusion Middleware. This issue is easily exploitable by unauthenticated attackers over the network, potentially leading to unauthorized access or modification of sensitive data within Coherence and possibly impacting other connected products.

  • Unauthenticated network access can compromise data.
  • It affects a core middleware product with broad impact.
  • Confirm relevance and exposure to protect critical data.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker could target Oracle Coherence over the network via HTTP to compromise the product. This could lead to unauthorized access to critical data or unauthorized modifications.

  • Network access via HTTP required.
  • Vulnerable component is Centralized Third Party Jars.
  • Risk of unauthorized data access and modification.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in Oracle Coherence could allow an unauthenticated attacker to gain unauthorized access to critical data, or complete access to all data within Oracle Coherence. According to the advisory, it could also lead to unauthorized updates, insertions, or deletions of some data.

  • Unauthorized access to critical data.
  • Network exposure via HTTP.
  • Unauthorized data modification or exposure.

Operational Fix

Recommended remediation, mitigation, and detection steps

Identifying the scope of this Oracle Coherence vulnerability requires collaboration between application owners, platform teams, and security personnel to locate all instances of the affected technology. The first step is to determine where Oracle Coherence is deployed, assess its exposure and criticality, and identify the accountable teams for remediation planning.

  • Application and platform teams own the issue.
  • Verify network reachability and asset criticality.
  • Plan remediation based on risk assessment.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-35306 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This CVE is PCI scan-relevant as it allows unauthenticated network access to compromise Oracle Coherence, potentially leading to unauthorized access or modification of critical data.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Oracle Coherence?

Oracle Coherence is a middleware component within Oracle Fusion Middleware. It acts as an in-memory data grid that enables applications to cache and manage large volumes of data across distributed systems, which helps speed up data access and improves the performance of web applications and APIs.

What does CWE-284 mean for CVE-2026-35306?

This CVE involves CWE-284, which is a weakness class regarding Improper Access Control. In plain English, this means the system fails to correctly verify the identity or permissions of a user. For this specific vulnerability, it allows an unauthorized person to bypass security checks and interact with data they should not be able to see or change.

How can an attacker trigger this vulnerability?

An attacker can trigger this issue by sending malicious requests over a network using the HTTP protocol. Because this involves the Centralized Third Party Jars component, the flaw is not triggered by legitimate internal data processing tasks but rather by external, unauthenticated input reaching the affected service.

Is my instance of Oracle Coherence at risk?

Halo Surface Signal indicates that Oracle Coherence is often deployed to support web applications and APIs. If your Coherence nodes or service interfaces are reachable via HTTP from the network, they are at higher risk. You should evaluate if these interfaces are exposed to the public internet or accessible to untrusted network segments.

How should I respond to this threat?

Begin by working with your platform and application teams to map out where Oracle Coherence is installed in your environment. Once you have a list of deployments, determine which ones are accessible over the network. After identifying these assets, coordinate with the appropriate teams to prioritize these instances for the next stage of your security maintenance cycle.
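The triage procedure described in the Operational Fix section and in this answer (map deployments, check network reachability, prioritize by exposure, hand off to accountable teams) can be scripted once an asset inventory exists. The following is an added example, not part of the Halo advisory; the inventory columns, exposure labels and host names are constructed assumptions, and only the version the advisory lists (15.1.1.0.0) is flagged.

```python
"""Triage helper for CVE-2026-35306 (Oracle Coherence).

Added example, not from the advisory. The CSV layout, the exposure labels and
the sample hosts are assumptions constructed for illustration.
"""
import csv
import io

# Affected version as listed in the advisory.
AFFECTED_VERSIONS = {"15.1.1.0.0"}

# Assumed exposure labels; lower rank means remediate first.
EXPOSURE_RANK = {"internet": 0, "untrusted_segment": 1, "internal": 2}

# Constructed sample inventory (not real hosts); versions other than
# 15.1.1.0.0 are placeholders and are simply not flagged.
SAMPLE_INVENTORY = """host,product,version,http_reachable,exposure,owner
cache-01.example.test,Oracle Coherence,15.1.1.0.0,yes,internet,platform-team
cache-02.example.test,Oracle Coherence,15.1.1.0.0,yes,internal,app-team-b
cache-03.example.test,Oracle Coherence,0.0.0.0.0,yes,internet,platform-team
db-01.example.test,Oracle Database,0.0,no,internal,dba-team
cache-04.example.test,Oracle Coherence,15.1.1.0.0,no,untrusted_segment,app-team-c
"""


def parse_inventory(text):
    """Parse the CSV inventory into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def is_affected(row):
    """True when the row is an Oracle Coherence node at an affected version."""
    return row["product"] == "Oracle Coherence" and row["version"] in AFFECTED_VERSIONS


def prioritize(rows):
    """Affected hosts, HTTP-reachable ones first, then by exposure rank."""
    def key(row):
        reachable = 0 if row["http_reachable"].lower() == "yes" else 1
        return (reachable, EXPOSURE_RANK.get(row["exposure"], 3), row["host"])
    return sorted((r for r in rows if is_affected(r)), key=key)


def remediation_plan(text):
    """Group the prioritized hosts by accountable owner, keeping priority order."""
    plan = {}
    for row in prioritize(parse_inventory(text)):
        plan.setdefault(row["owner"], []).append(row["host"])
    return plan


if __name__ == "__main__":
    for owner, hosts in remediation_plan(SAMPLE_INVENTORY).items():
        print(f"{owner}: {', '.join(hosts)}")
```

Rows whose product or version do not match are dropped, so the plan only lists the nodes each team must actually schedule for remediation.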
