The bottom line: CISA orders federal agencies to patch a two-year-old Oracle WebLogic vulnerability that is actively being exploited.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has instructed federal agencies to patch a critical security vulnerability in Oracle WebLogic Server that was already patched two years ago but is now actively exploited in attacks.
The affected vulnerability in Oracle WebLogic Server is already being used by attackers in the field. The fact that a two-year-old, patched vulnerability is once again the target of attack activity suggests that many systems have not been updated despite patches being available.
For CISOs, this represents a critical action requirement: WebLogic servers are often centrally positioned in enterprise environments and process business-critical applications. Successful exploitation could give attackers access to sensitive systems and data. Active exploitation in practice underscores that this vulnerability is not a theoretical threat.
CISOs should immediately identify all Oracle WebLogic installations in their inventory and apply the available patch. In parallel, it is recommended to review access controls on affected systems and monitor for suspicious activity in WebLogic logs.
Source: www.bleepingcomputer.com · Published June 2, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.