Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817


https://securityaffairs.com/194463/security/attackers-actively-exploit-the-oracle-e-business-suite-flaw-cve-2026-46817.html

Publish Date: 2026-06-30 05:08:00

Source Domain: securityaffairs.com


Pierluigi Paganini
June 30, 2026

Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments.

A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to cybersecurity firm Defused Cyber.

“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots,” reads the post on X published by the cybersecurity firm. “This vulnerability has no known previous exploitation and no public POC code exists.”


— Defused (@DefusedCyber) June 29, 2026

The flaw affects Oracle Payments versions 12.2.3 through 12.2.15 and allows unauthenticated attackers to take over vulnerable systems over HTTP. Oracle fixed the issue in last month’s Critical Patch Update and urges customers to apply the patches immediately.

Defused Cyber did not disclose technical details about the attacks that exploited the flaw or the motivation of the attackers.

In mid-June, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

Oracle PeopleSoft Enterprise PeopleTools is the underlying technology platform used to build, run, administer, and customize Oracle PeopleSoft…
