Cybersecurity Blog | RedLegg

Security Bulletin: Actively Exploited RCE in Cisco Unified Communications

Written by RedLegg's Cyber Threat Intelligence Team | 1/22/26 7:40 PM

About:

CVE-2026-21962 is a critical unauthenticated vulnerability affecting Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in for Apache and IIS. By sending specially crafted HTTP requests, a remote attacker can compromise the proxy component without authentication. Successful exploitation may result in unauthorized access to sensitive data and the ability to create, modify, or delete data processed by the proxy and potentially by downstream applications, posing a significant risk to enterprise environments, especially internet-facing deployments.

CVE-2026-20045 is a high-severity remote code execution vulnerability affecting multiple Cisco Unified Communications products. The flaw stems from improper validation of user-supplied input in HTTP requests processed by web-based management interfaces. A remote, unauthenticated attacker can send crafted requests that bypass input sanitization and inject commands into underlying system processes, potentially leading to full compromise of affected voice and collaboration infrastructure. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, confirming real-world exploitation.

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

VULNERABILITIES

Unauthenticated Critical Data Compromise in Oracle HTTP Server and Oracle WebLogic Server Proxy Plug-in

CVSS Score: 8.2 (High, CVSS v3.1)

Identifier: CVE-2026-20045

Exploit or Proof of Concept (PoC): 
CVE-2026-20045 has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating confirmed real-world exploitation.

Update/Patch:

Cisco has released security updates to address CVE-2026-20045. Administrators should apply the fixed software versions provided in the official Cisco security advisory:
 
All affected Unified Communications components, including clustered nodes, must be upgraded to patched releases and verified after deployment.
 
Description: 

CVE-2026-20045 is a remote code execution vulnerability caused by improper validation of user-supplied input in HTTP requests handled by the web management interfaces of several Cisco Unified Communications products. A remote, unauthenticated attacker can exploit this flaw by sending crafted requests that bypass input sanitization and inject commands into underlying system processes.

 

Mitigation Recommendation:

Immediately apply Cisco's security updates for CVE-2026-20045 across all affected Unified Communications products and clusters.
 
Restrict access to web-based management interfaces to trusted administrative networks only; do not expose them directly to the internet.
 
Enforce network segmentation to isolate voice and collaboration infrastructure from user and external networks.
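
One way to check the access-restriction and segmentation recommendations against an exported rule set, shown as an added example that is not from RedLegg or Cisco. The node names, networks, and rule format are constructed assumptions; substitute your own inventory and trusted administrative ranges.

```python
import ipaddress

# Assumption: your trusted administrative networks (constructed sample values).
TRUSTED_ADMIN_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.1.0/24")]
# Assumption: RFC 1918 space is treated as "internal"; everything else as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: source ranges permitted to reach each node's web management
# interface, as exported from a firewall/ACL inventory. Node names are hypothetical.
SAMPLE_RULES = [
    {"node": "uc-pub-01", "allowed_src": ["10.20.0.0/24"]},
    {"node": "uc-sub-01", "allowed_src": ["10.20.0.0/24", "10.0.0.0/8"]},
    {"node": "uc-sub-02", "allowed_src": ["0.0.0.0/0"]},
    {"node": "uc-sub-03", "allowed_src": ["10.20.1.16/28", "203.0.113.0/24"]},
]

def _within(net, candidates):
    """True if net lies entirely inside one of the candidate networks."""
    return any(net.version == c.version and net.subnet_of(c) for c in candidates)

def classify_source(cidr):
    """Classify one permitted source range for a management interface."""
    net = ipaddress.ip_network(cidr, strict=False)
    if _within(net, TRUSTED_ADMIN_NETS):
        return "ok"                # confined to a trusted admin network
    if not _within(net, INTERNAL_NETS):
        return "internet-exposed"  # admits addresses outside internal space
    return "too-broad"             # internal, but wider than the admin networks

def audit(rules):
    """Return (node, cidr, verdict) for every rule entry that is not 'ok'."""
    findings = []
    for rule in rules:
        for cidr in rule["allowed_src"]:
            verdict = classify_source(cidr)
            if verdict != "ok":
                findings.append((rule["node"], cidr, verdict))
    return findings

if __name__ == "__main__":
    for node, cidr, verdict in audit(SAMPLE_RULES):
        print(f"{node}: {cidr} -> {verdict}")
```

A "too-broad" finding means user or other internal segments can still reach the management interface, which the segmentation recommendation is meant to prevent.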