CISA flags two-year-old Oracle flaw as actively exploited in attacks

CISA has ordered government agencies to secure systems against a high-severity Oracle WebLogic Server vulnerability. The flaw, CVE-2022-26139, was patched in October 2022 and is now actively exploited in attacks. The vulnerability allows remote code execution with unauthenticated access. CISA identified the flaw in its latest threat intelligence report. The exploit has been used in real-world attacks targeting federal systems. Agencies must apply the patch within 72 hours or face increased risk of breach.