← All stories
● Covered by 1 source Β· 1 reportHigh impact

Critical Flaw CVE-2026-46817 in Oracle E-Business Suite Exploited

Aggregated by BrevFeed security · updated 1d ago

A critical vulnerability in Oracle E-Business Suite, CVE-2026-46817, is now being actively exploited. Impacting versions 12.2.3 to 12.2.15, the flaw allows unauthenticated attackers to take control of Oracle Payments, necessitating immediate patching for affected instances.

Key points

Vulnerability Details

CVE-2026-46817 is an improper privilege management and authentication flaw that affects Oracle Payments in the Oracle E-Business Suite. With a CVSS score of 9.8, it allows unauthenticated attackers with network access to potentially take over affected instances.

Active Exploitation

Defused Cyber reported that the vulnerability is currently being exploited in the wild, having observed attacks on Oracle E-Business honeypots. Specific exploitation methods or actors behind these attacks are yet to be identified.

Impact and Context

The vulnerability affects Oracle E-Business Suite versions 12.2.3 through 12.2.15, with patches issued by Oracle in their recent Critical Security Patch Update. This ongoing exploitation raises significant security concerns, especially for businesses relying on affected versions.

Related Vulnerabilities

This incident follows earlier vulnerabilities in Oracle products, including CVE-2025-61882, which was utilized in attacks linked to the Cl0p ransomware. Additionally, CVE-2026-35273, a separate authentication flaw in PeopleSoft Suite, has also been recently exploited in data theft operations against companies, including Nissan.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.
