Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21182 to its Known Exploited Vulnerabilities (KEV) catalog on June 2, 2026, citing evidence of active exploitation. The vulnerability affects Oracle WebLogic Server and carries a CVSS score of 7.5 (high severity). It allows an unauthenticated attacker with network access to take control of affected servers. Organizations using Oracle WebLogic Server are urged to apply the available patch immediately to mitigate risk. CISA's KEV catalog is used to prioritize remediation of vulnerabilities known to be exploited in the wild.
// why it matters
Unpatched Oracle WebLogic servers are at immediate risk of remote takeover.