
Overview

Oracle has addressed a critical severity vulnerability affecting Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in components used in Oracle Fusion Middleware. The vulnerability is remotely exploitable over HTTP and requires no authentication, potentially enabling an attacker to compromise affected services and access or modify data exposed through the proxy layer.

  • CVE-2026-21962: Oracle HTTP Server / WebLogic Server Proxy Plug‑in Improper Access Control Vulnerability (CVSSv3 10.0) 

Affected versions: Oracle HTTP Server and WebLogic Server Proxy Plug‑in 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. The WebLogic Server Proxy Plug‑in for IIS is affected in 12.2.1.4.0 only.

 

Cisco has released security updates to address a critical remote code execution vulnerability affecting multiple Cisco Unified Communications products. Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary commands by sending crafted HTTP requests to the web-based management interface. Cisco notes that exploitation can lead to escalation from user-level access to root, and that there are no workarounds that fully mitigate the issue.

  • CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability (CVSSv3 8.2) 

Affected Platforms:

  • Unified Communications Manager (Unified CM)
  • Unified Communications Manager Session Management Edition (Unified CM SME)
  • Unified Communications Manager IM & Presence Service (Unified CM IM&P)
  • Unity Connection
  • Webex Calling Dedicated Instance

 

Apache has issued an advisory for a high severity “Missing XML Validation” vulnerability affecting Apache Struts, a widely used Java web application framework. The issue could allow a remote attacker to abuse unsafe XML processing in affected Struts deployments, potentially resulting in sensitive information disclosure and service disruption (denial of service) under certain conditions.

  • CVE-2025-68493: Apache Struts Missing XML Validation Vulnerability (CVSSv3 8.1)

Affected versions: Apache Struts from 2.0.0 before 2.2.1; and from 2.2.1 through 6.1.0.

 

Recommended Action   

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:   

Oracle – GitHub - CVE-2026-21962: CVE-2026-21962

Cisco – Cisco Unified Communications Products Remote Code Execution Vulnerability

Apache – S2-069 - Apache Struts 2 Wiki - Apache Software Foundation

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
