CISA orders feds to patch actively exploited Oracle flaw by Saturday

CISA orders feds to patch actively exploited Oracle flaw by Saturday
CISA has ordered U.S. federal agencies to patch Oracle E-Business Suite systems by Saturday after confirming active attacks against CVE-2026-46817, a critical flaw in Oracle Payments that allows unauthenticated takeover over HTTP. Oracle and threat researchers said the issue has been exploited in the wild, with more than 1,000 Internet-exposed Oracle EBS instances tracked and many located in the United States. #CVE-2026-46817 #OracleEBusinessSuite #OraclePayments #CISA

Keypoints

  • CISA ordered federal agencies to patch Oracle EBS by July 18.
  • CVE-2026-46817 enables unauthenticated takeover via HTTP access.
  • Oracle released fixes in its May 2026 Critical Security Patch Update.
  • Defused reported real-world exploitation against Oracle EBS honeypots.
  • Shadowserver tracks over 1,000 Internet-exposed Oracle EBS instances.

Read More: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-flaw-by-saturday/