CVE-2026-21962
CRITICAL | EXPLOITED
Oracle HTTP Server & WebLogic Proxy Plug-in 12.2.1.4.0/14.1.1.0.0/14.1.2.0.0 - Unauthenticated Access Control
Title source: llm
Exploitation Summary
CVE-2026-21962 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 9 public exploits from researchers including XiaomingX, samael0x4, George0Papasotiriou.
Description
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).
Exploits (9)
The repository lacks exploit code and provides no technical details about CVE-2026-21962. The README contains vague claims and a message about delaying PoC release, which is a common tactic in suspicious repos.
This repository contains a detection tool for CVE-2026-21962, which targets Oracle HTTP Server and WebLogic Proxy Plug-in. The Python script performs passive detection by checking HTTP response headers for specific patterns associated with vulnerable versions.
The repository contains a scanner and exploit simulator for CVE-2026-21962, targeting Oracle HTTP Server WebLogic Proxy Plug-in. It probes for vulnerable endpoints and simulates exploit patterns without executing actual malicious payloads.
This is a functional PoC for CVE-2026-21962, an unauthenticated RCE vulnerability in Oracle WebLogic Server Proxy Plug-In. It exploits a deserialization/command injection flaw via crafted headers and URIs.
This repository provides a detailed technical analysis of CVE-2026-21962, an authentication bypass vulnerability in Oracle HTTP Server and WebLogic Proxy Plug-in. It includes affected versions, mitigation strategies, and detection indicators but lacks functional exploit code.
This repository contains a functional Java GUI exploit tool for CVE-2026-21962, targeting Oracle WebLogic Server Proxy Plug-In RCE. The tool automates testing multiple vulnerable paths and executes arbitrary commands via crafted HTTP headers.
The repository lacks any technical details or exploit code, instead using vague marketing language and promising a future PoC release. No actual vulnerability analysis or proof-of-concept is provided.
This repository contains a README describing CVE-2026-21962, a critical vulnerability (CVSS 10.0) in Oracle HTTP Server and Oracle WebLogic Server Proxy Plug-in. The author mentions it is easily exploitable via HTTP but has not yet released a PoC.
This is a functional PoC exploit for CVE-2026-21962, targeting a WebLogic Proxy Plug-In RCE vulnerability. It leverages base64-encoded command injection via HTTP headers to achieve remote code execution.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N