By Eduard Kovacs
Publication Date: 2026-06-02 11:39:00
CISA is warning organizations that an Oracle WebLogic vulnerability patched nearly two years ago is being exploited in the wild.
The vulnerability, named CVE-2024-21182, has been patched by Oracle in the Java application server July 2024 CPU. The software giant’s advisory shows that the bug was discovered and reported independently by several researchers.
Several proof-of-concept (PoC) exploits targeting CVE-2024-21182 have been made publicly available since the vulnerability’s existence came to light, but CISA appears to be the first to warn of its exploitation in the wild.
CISA Added CVE-2024-21182 added to the Known Exploited Vulnerabilities (KEV) catalog on June 1 and instructed federal authorities to fix the problem by June 4.
The vulnerability can be exploited by remote, unauthenticated hackers to compromise vulnerable Oracle WebLogic Server instances.
“Successful attacks on this vulnerability could result in unauthorized access to critical data or…