Hackers now exploit critical Oracle E-Business flaw in attacks

Hackers now exploit critical Oracle E-Business flaw in attacks
Attackers are actively exploiting CVE-2026-46817, a critical Oracle E-Business Suite flaw in the Oracle Payments File Transmission component that allows unauthenticated takeover over HTTP. Oracle has already issued patches and urged immediate updates, while Defused says real-world exploitation began over the weekend. #CVE-2026-46817 #OracleEBusinessSuite #OraclePayments

Keypoints

  • CVE-2026-46817 affects the Oracle E-Business Suite Oracle Payments File Transmission component.
  • The flaw enables unauthenticated attackers with HTTP access to take over vulnerable systems.
  • Oracle released a fix in its May 2026 Critical Security Patch Update.
  • Defused reported active exploitation attempts observed on Oracle E-Business honeypots over the weekend.
  • Shadowserver says more than 450 Oracle EBS instances are exposed online, with nearly 200 in the United States and Europe.

Read More: https://www.bleepingcomputer.com/news/security/new-oracle-e-business-suite-flaw-now-exploited-in-attacks/