Bottom line: CVE-2024-21182 in Oracle WebLogic Server is being actively exploited and is listed on CISA’s alert status.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerability CVE-2024-21182 in Oracle WebLogic Server to its catalog of actively exploited security flaws. The flaw (CVSS 7.5) enables remote access without prior authentication and is already being attacked in practice.
CISA confirmed on Monday the active exploitation of CVE-2024-21182 by threat actors. The vulnerability has a CVSS score of 7.5 and affects Oracle WebLogic Server. An unauthenticated attacker with network access can use it to compromise affected servers.
For CISOs, this represents an immediate threat to production environments if Oracle WebLogic Server is in use. Inclusion in CISA’s KEV catalog signals that exploits have already been developed and distributed — not merely theoretically possible. This is a clear prioritization signal for patch management and vulnerability scanning.
Organizations should immediately identify affected WebLogic instances and apply corresponding security patches from Oracle. Additionally, checks must be performed to determine whether affected systems have already been compromised. Special attention should be paid to environments accessible directly from the internet.
Source: thehackernews.com · Published June 2, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.2.9.