// Oracle HealthCRITICAL
CISA added CVE-2024-21182, a critical Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities catalog on June 1, 2026, after confirming active exploitation in the wild. The flaw allows unauthenticated attackers to gain unauthorized access via T3 and IIOP protocols. CISA ordered federal agencies to patch by June 4, 2026, and strongly recommends organizations apply mitigations immediately to prevent compromise of WebLogic-dependent services including potential Oracle Health infrastructure.
- CISA Issues Alert on Oracle WebLogic Server Flaw Under Active Ex(opens in a new tab)
- U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulne(opens in a new tab)
- Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active(opens in a new tab)
- CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively (opens in a new tab)
- CISA warns of Oracle WebLogic vulnerability exploitation(opens in a new tab)
- Oracle WebLogic CVE-2024-21182 Added to KEV(opens in a new tab)
// Get alerts for Oracle Health