A long-patched Oracle WebLogic Server vulnerability is now being exploited in real attacks, putting internet-facing servers at risk if they were not updated. CISA added CVE-2024-21182 to its Known Exploited Vulnerabilities catalog on June 1, 2026. Oracle patched the flaw in July 2024; it can be exploited remotely without authentication against affected WebLogic Server instances, and successful exploitation can expose sensitive data or allow broader server compromise.
Why it matters: Organizations running Oracle WebLogic should treat this as urgent because attackers no longer need valid logins to target exposed systems. Patch immediately, check whether any WebLogic servers are internet-accessible, and hunt for signs of compromise if updates were delayed.
info@thehackernews.com (The Hacker News)
2026.06.02
98% relevant
This appears to be the same underlying event: active exploitation of Oracle WebLogic CVE-2024-21182 and its addition to the KEV catalog. The article mainly reinforces the KEV status and urgency rather than establishing a separate incident.
Sergiu Gatlan
2026.06.02
99% relevant
This article is the same underlying event and adds operational detail that CISA ordered federal agencies to patch by June 4 under Binding Operational Directive 22-01, while noting affected WebLogic versions and internet exposure counts from Shodan.
Eduard Kovacs
2026.06.02
100% relevant
This article establishes a distinct new tracked event: active exploitation and KEV listing of Oracle WebLogic CVE-2024-21182, not just Oracle's broader monthly patch cycle.
← Back to all stories