A critical vulnerability in Oracle E-Business Suite, identified as CVE-2026-46817, is being actively exploited by attackers, with approximately 950 internet-facing systems remaining exposed. This flaw, which affects Oracle Payments versions 12.2.3 through 12.2.15, enables unauthenticated attackers to gain control of vulnerable systems via HTTP. Oracle addressed the issue in its recent Critical Patch Update, urging customers to apply the patches promptly. The active exploitation of this vulnerability expands the attack surface, making it essential for organizations to prioritize patching based on their exposure and evidence of exploitation [1]. This vulnerability poses a significant risk to organizations using the affected Oracle E-Business Suite versions, and immediate action is necessary to prevent potential breaches. The fact that nearly 1,000 systems are still vulnerable highlights the need for swift remediation to prevent further attacks.
Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed
⚠️ Critical Alert
Why This Matters
CVE-2026-46817 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, July 1). Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed. SecurityAffairs. https://securityaffairs.com/194599/security/oracle-e-business-suite-flaw-under-active-attack-950-systems-exposed.html