WebLogic T3 Java deserialization RCE: the first of many WebLogic deserialization bugs. Block the T3 protocol at the firewall or apply the Oracle Critical Patch Update (CPU). Disable T3 if WebLogic is internet-exposed. Java deserialization remains a critical Java EE vulnerability class.
The WLS Security component in Oracle WebLogic Server allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic.
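A defender-side check for the exposure described above, as an added example that is not part of the original page or of Oracle's tooling: it inspects the client-to-server bytes of a reassembled TCP stream, recognizes the T3 hello line and the Java serialization stream header (`AC ED 00 05`), and flags T3 that arrives from outside an allowlist. `TRUSTED_NETS`, the function name and the sample streams are assumptions constructed for illustration.

```python
import ipaddress
import re

# Java Object Serialization Stream header: STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005.
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
# A plaintext T3 client opens with an ASCII line such as b"t3 12.2.1\n".
T3_HELLO = re.compile(rb"t3 \d+(?:\.\d+)*\n")
# Assumption: the only subnet that should ever speak T3 to the server.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def inspect_stream(src_ip: str, client_bytes: bytes) -> dict:
    """Classify one TCP stream sent to a WebLogic listen port."""
    is_t3 = T3_HELLO.match(client_bytes) is not None
    first = client_bytes.find(JAVA_SER_MAGIC)
    addr = ipaddress.ip_address(src_ip)
    trusted = any(addr in net for net in TRUSTED_NETS)

    if not is_t3:
        verdict = "not-t3"
    elif trusted:
        verdict = "t3-trusted"
    elif first >= 0:
        # T3 carries serialized objects by design, so any untrusted T3 peer
        # that gets this far is feeding bytes to the server's deserializer.
        verdict = "alert-untrusted-t3-serialized"
    else:
        verdict = "alert-untrusted-t3-handshake"

    return {
        "src": src_ip,
        "verdict": verdict,
        "serialized_objects": client_bytes.count(JAVA_SER_MAGIC),
        "first_offset": first if first >= 0 else None,
    }


# Constructed sample streams (not captured traffic).
T3_HDR = b"t3 12.2.1\nAS:255\nHL:19\n\n"
SAMPLES = [
    ("203.0.113.7", T3_HDR + b"\x00\x00\x00\x10" + JAVA_SER_MAGIC + b"<placeholder>"),
    ("203.0.113.7", T3_HDR),
    ("10.20.0.5", T3_HDR + JAVA_SER_MAGIC + b"<placeholder>"),
    ("203.0.113.7", b"GET /console HTTP/1.1\r\nHost: wls.example\r\n\r\n"),
]

if __name__ == "__main__":
    for src, data in SAMPLES:
        print(inspect_stream(src, data))
```

T3S runs inside TLS, so this check only sees plaintext T3; a non-empty alert list after the firewall rule or patch is in place means T3 is still reachable from untrusted networks.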