Threat Intelligence / CVE / CVE-2026-21962

CVE-2026-21962

CVSS 9.8 (CRITICAL) · EPSS 0.0%

Critical unauthenticated remote code execution vulnerability (CVSS 10.0) in Oracle HTTP Server and WebLogic Server Proxy Plug-in. Attackers exploit path traversal sequences ('..;' notation) to reach internal ProxyServlet endpoints, enabling arbitrary OS command execution without authentication. Active exploitation observed within hours of public PoC release.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Weaknesses (CWE)

CWE-284

Threats tracking this CVE

CVE-2026-21962: Oracle WebLogic Server & HTTP Server Unauthenticated RCE via Proxy Plug-in Path Traversal (CVSS 10.0) — Active Exploitation — CRITICAL

Full detection coverage & IOCs for threats exploiting CVE-2026-21962 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence