Critical Oracle WebLogic Proxy Flaw Compromises Servers

Marcus Rodriguez
January 21, 2026

Oracle has disclosed a severe security vulnerability affecting its Fusion Middleware suite. This flaw specifically targets the Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in.

Assigned CVE-2026-21962, this flaw carries the maximum severity rating and poses an immediate threat to enterprise environments that use these proxy components.

The vulnerability stems from a defect in how the WebLogic Server Proxy Plug-ins for Apache HTTP Server and Microsoft IIS handle incoming requests. Because the flaw is located in the proxy layer, it exposes critical infrastructure to unauthenticated, remote exploitation without requiring user interaction.

Oracle WebLogic Server Proxy Vulnerability

This vulnerability is characterized by its low attack complexity and high impact. An unauthenticated attacker with network access via HTTP can exploit this flaw to bypass security controls entirely.

The issue impacts the Oracle HTTP Server and the WebLogic Server Proxy Plug-in, which are often deployed in DMZs to forward requests to backend WebLogic clusters.

According to the disclosure, the vulnerability allows for unauthorized access to critical data. Furthermore, it permits attackers to manipulate the integrity of the system, granting the ability to create, delete, or modify data accessible to the Oracle HTTP Server.

A significant aspect of this CVE is the “Scope Change” (S:C) metric in the CVSS vector. This indicates that while the vulnerability exists within the Proxy Plug-in, a successful exploit can impact resources and components beyond the plug-in itself, potentially allowing attackers to pivot into the backend WebLogic environment.

The flaw has received a CVSS 3.1 Base Score of 10.0, highlighting its critical nature. While the availability impact is listed as none in the vector, the complete loss of confidentiality and integrity renders the server effectively compromised.

Affected Versions and Components

Administrators should verify their installations immediately. The vulnerability affects two Oracle Fusion Middleware components: the WebLogic Server Proxy Plug-in for Apache HTTP Server and the WebLogic Server Proxy Plug-in for IIS.

The supported versions affected by this vulnerability include:

  • Oracle HTTP Server / Proxy Plug-in: versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0.
  • WebLogic Server Proxy Plug-in for IIS: affected only in version 12.2.1.4.0.

Given the ease of exploitation and the criticality of the data at risk, organizations are urged to immediately apply the necessary patches provided in Oracle’s Critical Patch Update (CPU).

If immediate patching is not feasible, security teams should consider restricting network access to the affected HTTP ports to trusted IP addresses only, although this may disrupt legitimate web traffic.
