CVE-2024-21182

vulnerabilities 2026-06-02
Oracle WebLogic CVE-2024-21182 Hits CISA KEV: Two-Year-Old T3 Bug Now Under Active Exploitation
CISA added the unauthenticated Oracle WebLogic T3/IIOP flaw CVE-2024-21182 to its Known Exploited Vulnerabilities catalog on June 1. The patch has shipped for two years — this is a story about exposed, unpatched middleware.
CVE-2024-21182 oracle weblogic fusion-middleware t3 iiop deserialization cisa-kev

Oracle WebLogic CVE-2024-21182 Hits CISA KEV: Two-Year-Old T3 Bug Now Under Active Exploitation