Over 900 Oracle E-Business instances exposed to ongoing attacks

Over 900 Oracle E-Business instances exposed to ongoing attacks
Over 900 Oracle E-Business Suite instances are exposed online while attackers actively exploit a critical flaw in the Oracle Payments File Transmission component, tracked as CVE-2026-46817. Oracle has issued a May 2026 security update, and Defused, Shadowserver, and CISA-related reporting highlights a broader pattern of Oracle product flaws being targeted in real-world attacks. #OracleEBusinessSuite #CVE2026-46817 #Defused #Shadowserver #CISA

Keypoints

  • More than 900 Oracle E-Business Suite instances are exposed on the internet.
  • CVE-2026-46817 affects the Oracle Payments File Transmission component.
  • The flaw allows unauthenticated HTTP attackers to take over vulnerable systems.
  • Oracle released fixes in the May 2026 Critical Security Patch Update.
  • Defused reported active exploitation, and Shadowserver tracks about 950 exposed Oracle EBS instances.

Read More: https://www.bleepingcomputer.com/news/security/over-900-oracle-e-business-instances-exposed-to-ongoing-attacks/