Attackers are actively exploiting CVE-2026-46817, a critical Oracle E-Business Suite flaw in the Oracle Payments File Transmission component that allows unauthenticated takeover over HTTP. Oracle has already issued patches and urged immediate updates, while Defused says real-world exploitation began over the weekend. #CVE-2026-46817 #OracleEBusinessSuite #OraclePayments
Keypoints
- CVE-2026-46817 affects the Oracle E-Business Suite Oracle Payments File Transmission component.
- The flaw enables unauthenticated attackers with HTTP access to take over vulnerable systems.
- Oracle released a fix in its May 2026 Critical Security Patch Update.
- Defused reported active exploitation attempts observed on Oracle E-Business honeypots over the weekend.
- Shadowserver says more than 450 Oracle EBS instances are exposed online, with nearly 200 in the United States and Europe.