CISA orders feds to patch actively exploited Oracle flaw by Saturday

CISA orders feds to patch actively exploited Oracle flaw by Saturday

CISA orders feds to patch actively exploited Oracle flaw by Saturday

https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-flaw-by-saturday/

Publish Date: 2026-07-16 06:56:00

Source Domain: www.bleepingcomputer.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their systems by Saturday against ongoing attacks exploiting a critical vulnerability in the Oracle E-Business Suite (EBS) financial application.

Discovered in the File Transmission component of EBS’s Oracle Payments product and tracked as CVE-2026-46817, this security flaw allows unauthenticated threat actors with HTTP network access to take over vulnerable systems in low-complexity attacks.

Oracle released security updates to address the security issue with its May 2026 Critical Security Patch Update, urging customers to patch their systems immediately.

image

“In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches,” the company warned at the time. “Oracle therefore strongly recommends that customers remain on actively-supported versions and apply security patches without delay.”

While Oracle has not yet flagged CVE-2026-46817 as exploited in the wild, threat intelligence company Defused said on June 29 that malicious actors had begun exploiting it in the wild.

“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists,” Defused noted.

​Internet security watchdog Shadowserver now tracks over 1,000 Internet-exposed Oracle EBS instances, more than half of them in the United States. However, there is no information on how many of them are honeypots or have already been secured against ongoing CVE-2026-46817 attacks.

Oracle EBS instances exposed onlineOracle EBS instances exposed online (Shadowserver)

On Wednesday, CISA also confirmed that hackers are actively exploiting the vulnerability, adding it to its list of known exploited security flaws, and ordering U.S….

Source