CVE-2024-21182 is a critical unauthenticated remote compromise vulnerability in Oracle WebLogic Server, confirmed as actively exploited by CISA in June 2026 — two years after initial CVE assignment. An attacker with network access to a WebLogic instance can achieve full server compromise without credentials. CVSS 9.5 and a 99th-percentile EPSS score make this an emergency patching event for financial services, government, and healthcare organizations where WebLogic is commonly deployed.