A critical vulnerability in Oracle E-Business Suite's payments processing feature, tracked as CVE-2026-46817, has been exploited by a cybercriminal, marking a potentially significant threat. The defect, which carries a 9.8 severity rating, was patched by Oracle in late May, but its exploitation was only recently detected by Defused, a threat intelligence firm. During a two-hour window, Defused's honeypots identified six instances of exploitation, suggesting that attackers may be gearing up for a broader campaign. The vulnerability's high severity rating and active discussion among Intel and other entities underscore its potential impact. As the exploitation status of CVE-2026-46817 continues to evolve, its significance for practitioners lies in determining whether immediate patching or ongoing monitoring is required [1]. This distinction is crucial, as it directly informs the urgency of remediation efforts and the allocation of security resources.
Researchers spot exploitation of another critical Oracle defect
⚠️ Critical Alert
Why This Matters
CVE-2026-46817 is in active discussion involving Intel — exploitation status determines whether this is patch-now or monitor.
References
- CyberScoop. (2026, July 1). Researchers spot exploitation of another critical Oracle defect. CyberScoop. https://cyberscoop.com/oracle-ebs-critical-vulnerability-exploited/