PT-2026-3709 · Oracle · Oracle Http Server +1

Ashwesker · Published 2026-01-20 · Updated 2026-03-03 · CVE-2026-21962

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Oracle HTTP Server versions 12.2.1.4.0, 14.1.1.0.0 through 14.1.2.0.0
Oracle Weblogic Server Proxy Plug-in version 12.2.1.4.0
Oracle Weblogic Server Proxy Plug-in for IIS version 12.2.1.4.0
Description

An easily exploitable issue exists in Oracle HTTP Server and the Oracle Weblogic Server Proxy Plug-in that allows an unauthenticated attacker with network access via HTTP to compromise the affected systems. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data and may impact additional products. The vulnerability stems from improper access control and allows remote code execution. Multiple attempts to exploit this vulnerability have been observed, some of them carrying base64-encoded payloads. The vulnerability affects both the Apache HTTP Server and IIS versions of the Weblogic Server Proxy Plug-in.
Recommendations

Apply the Oracle January 2026 Critical Patch Update to address the vulnerability. As a temporary workaround, consider restricting access to the vulnerable proxy services. Review and harden proxy configurations to minimize the risk of exploitation. Disable the vulnerable module (mod_wl_24.so) if possible. Block requests containing both headers 'X-WebLogic-KeepAlive: true' and 'X-WebLogic-KeepAlive: false'.
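The header-blocking workaround above can be expressed as a request filter. The following is an added example, not code from the advisory or from Oracle: it parses a raw HTTP/1.1 request and flags one that asserts both 'X-WebLogic-KeepAlive: true' and 'X-WebLogic-KeepAlive: false', whether the header is repeated on separate lines or arrives comma-merged by an upstream proxy. The sample requests and hostname are constructed placeholders.

```python
# Added example, not code from the advisory: flag requests carrying both
# 'X-WebLogic-KeepAlive: true' and 'X-WebLogic-KeepAlive: false', the request
# shape the advisory says to block. Handles the header repeated on separate
# lines and the comma-merged form a front-end proxy may produce.
from typing import List, Tuple

HEADER = "x-weblogic-keepalive"

def parse_headers(raw_request: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, stripped value) pairs from a raw HTTP/1.1 request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines without a colon
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def keepalive_values(headers: List[Tuple[str, str]]) -> set:
    """Collect every X-WebLogic-KeepAlive token, splitting comma-merged values."""
    values = set()
    for name, value in headers:
        if name == HEADER:
            values.update(t.strip().lower() for t in value.split(",") if t.strip())
    return values

def has_conflicting_keepalive(raw_request: str) -> bool:
    """True when the request asserts both KeepAlive=true and KeepAlive=false."""
    return {"true", "false"} <= keepalive_values(parse_headers(raw_request))

# Constructed sample requests (not captured traffic); hostname is a placeholder.
CONFLICTING = ("GET /app/ HTTP/1.1\r\nHost: wls.example.internal\r\n"
               "X-WebLogic-KeepAlive: true\r\nX-WebLogic-KeepAlive: false\r\n\r\n")
MERGED = ("GET /app/ HTTP/1.1\r\nHost: wls.example.internal\r\n"
          "X-WebLogic-KeepAlive: true, false\r\n\r\n")
BENIGN = ("GET /app/ HTTP/1.1\r\nHost: wls.example.internal\r\n"
          "X-WebLogic-KeepAlive: true\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("conflicting", CONFLICTING), ("merged", MERGED), ("benign", BENIGN)):
        print(label, "-> block" if has_conflicting_keepalive(req) else "-> allow")
```

A request with a single KeepAlive value, or none at all, passes; only the contradictory pair the advisory names is flagged.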

Tags: Exploit · Fix · RCE · Improper Access Control · Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2026-00664
CVE-2026-21962

Affected Products

Oracle Http Server
Oracle Weblogic Server Proxy Plug-In