CISA orders federal patching of Oracle WebLogic CVE-2024-21182
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered federal agencies to patch Oracle WebLogic Server against CVE-2024-21182 by June 4, creating an immediate remediation deadline for affected government systems. The directive followed CISA's addition of the flaw to its catalog of vulnerabilities exploited in attacks. The order applies to WebLogic deployments in the federal environment, while CISA also urged broader defenders to patch as soon as possible.
Related Happenings
Oracle WebLogic Server unauthenticated remote compromise flaw (CVE-2024-21182)
Vulnerability
First: 02.06.2026 15:40
Last: 02.06.2026 15:40
Sources 1
How related:
"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server," Oracle said when it released security patches for CVE-2024-21182 in July 2024.
About this happening:
**CVE-2024-21182** in **Oracle WebLogic Server** is **actively exploited** and can let a **network-access attacker** achieve **unauthenticated remote compromise**. The flaw affect...
Oracle WebLogic Server unauthenticated remote compromise flaw (CVE-2024-21182)
VulnerabilityHow related: "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server," Oracle said when it released security patches for CVE-2024-21182 in July 2024.
About this happening: **CVE-2024-21182** in **Oracle WebLogic Server** is **actively exploited** and can let a **network-access attacker** achieve **unauthenticated remote compromise**. The flaw affect...
CISA orders FCEB patching for CVE-2026-9082
Public Sector Action
First: 26.05.2026 11:46
Last: 26.05.2026 11:46
Sources 1
About this happening:
**CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
CISA orders FCEB patching for CVE-2026-9082
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
Apex One on-premises server directory traversal zero-day (CVE-2026-34926)
Vulnerability
First: 22.05.2026 16:39
Last: 22.05.2026 16:39
Sources 1
About this happening:
**CVE-2026-34926** is a **Trend Micro Apex One** **on-premises** directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected **agents...
Apex One on-premises server directory traversal zero-day (CVE-2026-34926)
VulnerabilityAbout this happening: **CVE-2026-34926** is a **Trend Micro Apex One** **on-premises** directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected **agents...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector Action
First: 17.04.2026 12:30
Last: 17.04.2026 12:30
Sources 1
About this happening:
**CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector Action
First: 08.04.2026 21:15
Last: 08.04.2026 21:15
Sources 1
About this happening:
**CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
Timeline
-
02.06.2026 15:40 2 articles · 2h ago
CISA orders federal patching for Oracle WebLogic Server CVE-2024-21182
Legal Policy Action UpdateCISA added CVE-2024-21182 to its catalog of vulnerabilities exploited in attacks and ordered federal agencies to patch Oracle WebLogic Server by midnight on Thursday, June 4, under Binding Operational Directive (BOD) 22-01. CISA also urged broader defenders to apply vendor mitigations or discontinue use of the product if mitigations are unavailable.
Show sources
- CISA flags two-year-old Oracle flaw as actively exploited in attacks — www.bleepingcomputer.com — 02.06.2026 15:40
- CISA flags two-year-old Oracle flaw as actively exploited in attacks — www.bleepingcomputer.com — 02.06.2026 15:40