7 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
CVE-2026-21962 is a critical unauthenticated vulnerability affecting Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in for Apache and IIS. By sending specially crafted HTTP requests, a remote attacker can compromise the proxy component without authentication. Successful exploitation may result in unauthorized access to sensitive data and the ability to create, modify, or delete data processed by the proxy and potentially by downstream applications, posing a significant risk to enterprise environments, especially internet-facing deployments.CVE-2026-20045 is a high-severity remote code execution vulnerability affecting multiple Cisco Unified Communications products. The flaw stems from improper validation of user-supplied input in HTTP requests processed by web-based management interfaces. A remote, unauthenticated attacker can send crafted requests that bypass input sanitization and inject commands into underlying system processes, potentially leading to full compromise of affected voice and collaboration infrastructure. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, confirming real-world exploitation.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Unauthenticated Critical Data Compromise in Oracle HTTP Server and Oracle WebLogic Server Proxy Plug-in
CVSS Score: 8.2 (High, CVSS v3.1)
Identifier: CVE-2026-20045
Exploit or Proof of Concept (PoC):
CVE-2026-20045 has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating confirmed real-world exploitation.
Update/ Patch:
Cisco has released security updates to address CVE-2026-20045. Administrators should apply the fixed software versions provided in the official Cisco security advisory:
All affected Unified Communications components, including clustered nodes, must be upgraded to patched releases and verified after deployment.
Description:
CVE-2026-20045 is a remote code execution vulnerability caused by improper validation of user-supplied input in HTTP requests handled by the web management interfaces of several Cisco Unified Communications products. A remote, unauthenticated attacker can exploit this flaw by sending crafted requests that bypass input sanitization and inject commands into underlying system processes.
Mitigation Recommendation:
Immediately apply Cisco's security updates for CVE-2026-20045 across all affected Unified Communications products and clusters.
Restrict access to web-based management interfaces to trusted administrative networks only; do not expose them directly to the internet.
Enforce network segmentation to isolate voice and collaboration infrastructure from user and external networks.
