CISA added CVE-2024-21182, an unauthenticated network-accessible flaw in Oracle WebLogic Server, to the Known Exploited Vulnerabilities catalog on 2026-06-01, with federal agencies required to remediate by 2026-06-04.
What Is It
CVE-2024-21182 is a vulnerability in the Core component of Oracle WebLogic Server, part of Oracle Fusion Middleware. Per the NVD description, the flaw is "easily exploitable" and allows an unauthenticated attacker with network access via the T3 or IIOP protocols to compromise the server. Successful exploitation can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. The vulnerability carries a CVSS 3.1 base score of 7.5 (HIGH) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; the impact is confined to confidentiality, with no integrity or availability impact. CISA's KEV entry describes the issue as an "unspecified vulnerability."
Why It Matters
CISA's addition to the KEV catalog on 2026-06-01 signals that this vulnerability is being actively exploited in the wild. The attack requires no authentication, no user interaction, and low complexity, and it is reachable over the network through T3 and IIOP, protocols commonly exposed by WebLogic deployments. Known ransomware campaign use is listed as "Unknown" in the KEV entry. Federal civilian agencies have until 2026-06-04 to comply with the required action.
What's Vulnerable
According to the NVD record, the affected supported versions are:
- Oracle WebLogic Server 12.2.1.4.0
- Oracle WebLogic Server 14.1.1.0.0
Exposure is via the T3 and IIOP protocols.
Patch Status
Oracle addressed this vulnerability in its July 2024 Critical Patch Update advisory. CISA's required action directs organizations to "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." The compliance due date is 2026-06-04.