
Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave

Exploitation Wave
Happening score: 52
1 unique source, 1 article

Summary


Oracle WebLogic Server systems faced a rapid CVE-2026-21962 exploitation wave after public exploit code appeared, creating immediate RCE risk for exposed servers. The activity expanded into automated scanning and repeated probing across multiple IPs, and attackers also continued testing older WebLogic flaws. The pattern shows how quickly newly released exploit code can turn a single flaw into broad internet-wide targeting.

Related Happenings

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

MetInfo CMS unauthenticated PHP code injection actively exploited remote code execution flaw (CVE-2026-29014)

Vulnerability
First: 05.05.2026 14:56 Last: 05.05.2026 14:56 Sources 1

About this happening: **CVE-2026-29014** in **MetInfo CMS** is **actively exploited**, putting **versions 7.9, 8.0, and 8.1** at risk of **remote code execution** and full server takeover. **MetInfo**...

Weaver E-cology 10.0 unauthenticated RCE flaw (CVE-2026-22679)

Vulnerability
First: 05.05.2026 01:12 Last: 05.05.2026 01:12 Sources 1

About this happening: **CVE-2026-22679** exposed **Weaver E-cology 10.0** to unauthenticated remote code execution on builds prior to **March 12**, allowing attackers to run system commands on the serv...

Latest development: 05.05.2026 10:37

Evidence of active abuse against Weaver (Fanwei) E-cology CVE-2026-22679 dates to March 17, 2026, with QiAnXin also saying it reproduced the unauthenticated remote code execution flaw that day in its alert.

cPanel & WHM authentication-bypass exploitation wave (CVE-2026-41940)

Exploitation Wave
First: 04.05.2026 11:25 Last: 04.05.2026 11:25 Sources 1

About this happening: Active exploitation of **CVE-2026-41940** is driving a **large cPanel & WHM compromise wave**, putting exposed servers at risk of administrative takeover. **More than 40,000 serve...

LMDeploy SSRF flaw (CVE-2026-33626, actively exploited)

Vulnerability
First: 24.04.2026 10:24 Last: 24.04.2026 10:24 Sources 1

About this happening: **LMDeploy CVE-2026-33626** is being **actively exploited** within **13 hours** of disclosure, turning a **vision-language SSRF flaw** into a path to **cloud credentials** and **i...

Timeline

  1. 26.03.2026 18:00 · 1 article

    CVE-2026-21962 exploitation begins on Oracle WebLogic Server

    Exploitation Observed

    Attackers began exploiting CVE-2026-21962 against Oracle WebLogic Server on January 22, 2026, the same day public exploit code was published. The first observed attempt targeted internet-exposed servers and marked the start of rapid weaponization of the unauthenticated Oracle WebLogic RCE flaw.

  2. 26.03.2026 18:00 · 2 articles

    CloudSEK publishes honeypot analysis of rapid exploitation

    Initial Disclosure

    CloudSEK published a honeypot analysis on March 26, 2026 covering attack activity between January 22 and February 3, 2026. The study reported widespread automated scanning and exploitation of Oracle WebLogic Server systems, continued abuse of CVE-2020-14882/14883, CVE-2020-2551, and CVE-2017-10271, activity from rented virtual private servers, and dominant use of libredtail-http and the Nmap Scripting Engine. It recommended immediate Oracle security patches, restricted administrative console access, disabled unnecessary protocols and ports, WAF filtering, and log monitoring.
