Critical vulnerability in Oracle WebLogic Server Proxy allows attackers to compromise the server

By Guru Baran
Publication Date: 2026-01-21 06:39:00

Oracle has disclosed a serious security vulnerability affecting its Fusion Middleware suite, specifically the Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in.

This flaw, assigned CVE-2026-21962, is of the highest severity and poses an imminent threat to enterprise environments that use these proxy components.

The vulnerability is due to a flaw in the way the WebLogic Server Proxy Plug-ins for Apache HTTP Server and Microsoft IIS process incoming requests. Because the vulnerability is located in the proxy layer, it exposes critical infrastructure to unauthenticated remote exploitation without requiring user interaction.

Vulnerability in Oracle WebLogic Server Proxy

This vulnerability is characterized by low attack complexity and high impact. An unauthenticated attacker with network access via HTTP could exploit this vulnerability to completely bypass security controls.

The problem affects the Oracle HTTP Server and WebLogic…