PT-2026-3709 · Oracle · Oracle Http Server +1

Ashwesker · Published 2026-01-20 · Updated 2026-05-07 · CVE-2026-21962

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in for Apache HTTP Server, and Oracle Weblogic Server Proxy Plug-in for IIS versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 are affected.

Description: An easily exploitable vulnerability exists in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can result in unauthorized creation, deletion, or modification of critical data. Active exploitation of this vulnerability has been observed worldwide, with attackers using automated scanning and exploit attempts. The vulnerability allows unauthenticated remote code execution, potentially leading to full system compromise, malware deployment, and data theft. Attackers are leveraging path traversal techniques and exploiting the ProxyServlet component. The vulnerability has a CVSS score of 10.0.

Recommendations:
- Immediately apply the Oracle Critical Patch Update (Jan 2026) for the affected Oracle HTTP Server / WebLogic proxy components.
- Do not expose WebLogic admin consoles or proxy endpoints to the public internet; restrict access via VPN, bastion, or firewall allowlists.
- Deploy and tune WAF rules to detect/block known path-traversal and ProxyServlet exploit patterns.
- Monitor logs for suspicious commands and unexpected processes.
- Rotate credentials and review logs for signs of compromise.
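The monitoring recommendation above is the one a defender can act on before a patch window opens. The following is an added example, not code from the advisory, from Positive Technologies, or from Oracle: it scans web-server access-log lines for path-traversal requests of the kind the description attributes to the observed attacks. It assumes the Apache combined log format (Oracle HTTP Server is Apache-based); the log lines, IPs, and paths are constructed for the example, and it does not encode the specific request shape of the real exploit, which the advisory does not give. Double-encoded traversal (`%252e%252e`) and backslash separators are handled because a single decoding pass misses them.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format). Every IP,
# timestamp, path and user agent here is made up for this example.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Jan/2026:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 1534 "-" "Mozilla/5.0"
203.0.113.11 - - [21/Jan/2026:10:15:07 +0000] "GET /app/../../etc/passwd HTTP/1.1" 404 210 "-" "curl/8.0"
203.0.113.12 - - [21/Jan/2026:10:15:09 +0000] "GET /app/%2e%2e/%2e%2e/config HTTP/1.1" 403 199 "-" "python-requests/2.31"
203.0.113.13 - - [21/Jan/2026:10:15:12 +0000] "GET /app/%252e%252e/secret HTTP/1.1" 200 88 "-" "Go-http-client/1.1"
203.0.113.14 - - [21/Jan/2026:10:15:20 +0000] "POST /app/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Captures client IP, timestamp, request method, target and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)


def normalize_path(raw, max_rounds=3):
    """Strip the query string, percent-decode repeatedly (so double
    encoding such as %252e is unwrapped) and fold backslashes to slashes."""
    path = raw.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(path):
    """True if any path segment is exactly '..' after normalization."""
    return any(seg == ".." for seg in path.split("/"))


def scan_access_log(text):
    """Return one finding per request whose normalized path traverses upward.
    A finding with a 2xx status deserves the most attention: the server did
    not reject the request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real deployment would count these
        norm = normalize_path(m.group("target"))
        if has_traversal(norm):
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "status": int(m.group("status")),
                "raw": m.group("target"),
                "normalized": norm,
            })
    return findings


def successful_hits(findings):
    """Subset of findings the server answered with a 2xx status."""
    return [f for f in findings if 200 <= f["status"] < 300]


if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_LOG)
    for f in hits:
        print(f"{f['ip']} {f['status']} {f['raw']} -> {f['normalized']}")
    print(f"{len(hits)} traversal request(s), {len(successful_hits(hits))} answered 2xx")
```

Run it against a live access log by replacing `SAMPLE_LOG` with the file contents; a 2xx response to a traversal request after the patch date is the signal worth escalating, and any hit before the patch is applied is a reason to review the host for the post-exploitation indicators the recommendations list (unexpected processes, suspicious commands).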

Tags: Exploit · Fix · RCE · Improper Access Control · Improper Authentication

Weakness Enumeration

Related Identifiers: BDU:2026-00664, CVE-2026-21962

Affected Products: Oracle Http Server, Oracle Weblogic Server Proxy Plug-In