Critical flaw in Oracle E-Business Suite is under immediate threat

Critical flaw in Oracle E-Business Suite is under immediate threat

Critical flaw in Oracle E-Business Suite is under immediate threat

https://www.cybersecuritydive.com/news/critical-flaw-oracle-e-business-suite-threat/824230/

Publish Date: 2026-07-01 11:41:00

Source Domain: www.cybersecuritydive.com

Researchers say a critical vulnerability in Oracle E-Business Suite is facing exploitation attempts by a threat actor. 

The vulnerability, tracked as CVE-2026-46817, is a flaw in the Oracle Payments, and has a severity score of 9.8. 

If successfully exploited, an unauthenticated attacker with network access via HTTP would be able to compromise the product. 

Researchers at Defused observed a hacker exploiting the flaw on its Oracle E-Business honeypots, according to a post on X. The activity was observed on June 27 from a French IP address, but researchers said the threat actor was using a VPN. 

There has been no prior known exploitation activity or any release of a proof of concept, researchers said.

About 950 exposed instances are considered potentially vulnerable, according to internet security researchers Shadowserver Foundation and Validin. 

Oracle previously addressed the vulnerability as part of a larger series of security patch updates in May.

Source