Executive Summary
CISA added CVE-2024-21182 to the Known Exploited Vulnerabilities catalog on 2026-06-01, marking it as actively exploited CISA KEV opens in a new tab. The affected product is Oracle WebLogic Server, a unified platform for developing, deploying, and running enterprise applications. The vulnerability is a high-severity authentication bypass flaw (CWE-287) that allows unauthenticated network attackers to compromise WebLogic Server over the proprietary T3 or IIOP protocols.
A successful attack can lead to unauthorized access to critical data, credential theft, or complete takeover of the vulnerable WebLogic instances. The vulnerability affects supported versions 12.2.1.4.0 and 14.1.1.0.0. Oracle addressed the issue in the July 2024 Critical Patch Update (CPU) Oracle July 2024 CPU opens in a new tab. Organizations exposing WebLogic T3/IIOP ports to the internet without applying the necessary CPU patches are at critical risk.