Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026

Background

Oracle HTTP Server is the web server component for Oracle Fusion Middleware.

Problem

A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows execution of commands injected into certain headers.

Resolution

Apply the Oracle Critical Patch Update for January 2026.

References

https://www.oracle.com/security-alerts/cpujan2026.html#AppendixFMW

Platforms

Windows
Linux

Back to exploit index