[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fc_wsx4VJvc0Hr-ACUfGw6PRBhu4ME3DzDmqUFZrbasI":3},{"article":4,"iocs":46},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"f6f69eab-ab3c-4a67-a687-f61de23ad493","Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild","oracle-e-business-suite-flaw-cve-2026-46817-actively-exploited-in-the-wild-441553","A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. \"Easily exploitable vulnerability allows","A critical vulnerability, CVE-2026-46817, affecting Oracle E-Business Suite's Oracle Payments component is being actively exploited. The flaw, with a CVSS score of 9.8, allows unauthenticated attackers to take over susceptible instances. Oracle released patches for this vulnerability last month, but exploitation has already been observed in the wild.","Oracle E-Business Suite flaw CVE-2026-46817 is being actively exploited in the wild.","Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild Ravie LakshmananJun 30, 2026Vulnerability \u002F Enterprise Software A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. \"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments,\" according to a description of the flaw in the NIST National Vulnerability Database (NVD). \"Successful attacks of this vulnerability can result in the takeover of Oracle Payments.\" The shortcoming impacts versions from 12.2.3 through 12.2.15. Patches for the flaw were shipped by Oracle as part of its Critical Security Patch Update last month. CVE-2026-46817 has since come under active exploitation, with Defused Cyber noting on Monday that \"over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots,\" adding \"this vulnerability has no known previous exploitation and no public PoC [proof-of-concept] code exists.\" That said, there are currently no details available on how the security flaw is being exploited, who is behind them, and if it's part of a broader opportunistic or targeted campaign aimed at unpatched systems. Late last year, another critical flaw in the same product (CVE-2025-61882, CVSS score: 9.8) was weaponized by threat actors linked to the Cl0p ransomware operation, with early attacks launched as far back as August 2025. Earlier this month, the company addressed a critical missing authentication zero-day vulnerability in PeopleSoft Suite (CVE-2026-35273, CVSS score: 9.8) that was actively exploited in ShinyHunters data theft and extortion attacks. Automaker Nissan has since acknowledged that it was among those impacted, stating it was the victim of a break-in that involved the exploitation of the PeopleSoft flaw, potentially exposing payroll records, bank details, Social Security numbers, and other personal and financial data belong to its employees in the U.S., Canada, Mexico, and Brazil. \"What stood out was that CVE-2026-35273 isn't just another trivial, easy-to-exploit single-request vulnerability,\" Jake Knott, principal security researcher at watchTowr, said in a statement. \"The attack chain is considerably more involved, combining multiple vulnerabilities to plant a malicious file that doesn’t execute immediately but waits until the server restarts.\" \"Where we would normally see simple bugs, this is a chain of multiple vulnerabilities, suggestive of a threat actor with genuine knowledge of and familiarity with the underlying codebase, and the ability to develop targeted capabilities against it.\" Knott also pointed out that threat actors are exploiting vulnerabilities faster than ever before, urging organizations to assume compromise and activate incident response processes to determine whether access was obtained before patches were applied, what was accessed, and whether persistence was established. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Authentication bypass, cybersecurity, data theft, Enterprise Software, oracle, privilege escalation, Threat Intelligence, Vulnerability ⚡ Top Stories This Week Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests ⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data ⭐ Featured Resources Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale [Watch Demo] See Which Security Gaps Attackers Could Exploit First AI Can’t Stop Every Attack. Learn How Zero Trust Can Block What’s Unknown Have You Outgrown Your MDR? 7 Warning Signs Every CISO Should Check","https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Foracle-e-business-suite-flaw-cve-2026.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEhYwCBjb2uPzIs-8BNIxo90ae4xRgxzM1av-ijebBJ32Y2DEvRUvM-jMd6S535UdnbPKrLtFHxm0k9Lo7GJgVjCWCrH-0RNFZukDv7shdA02IkDs1Iqx8C-uH2hOCyfpJ01tmNVGhrvQ-6FGlmdjnCP0nXrq7zl5KVL3XZ84I9QTImD5DM8HYoJbA0A1P3w\u002Fs1600\u002Foracle.jpg","2026-06-30T05:04:06+00:00","2026-06-30T06:00:20.660157+00:00",9,[18,21,23,25,28,31],{"name":19,"type":20},"Oracle E-Business Suite","product",{"name":22,"type":20},"Oracle Payments",{"name":24,"type":20},"PeopleSoft Suite",{"name":26,"type":27},"Oracle","vendor",{"name":29,"type":30},"Cl0p ransomware operation","threat_actor",{"name":32,"type":30},"ShinyHunters","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":33,"icon":35,"name":36,"slug":37},null,"Vulnerabilities","vulnerabilities",[39,41],{"category":40},{"id":33,"icon":35,"name":36,"slug":37},{"category":42},{"id":43,"icon":35,"name":44,"slug":45},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[47,51,54],{"type":48,"value":49,"context":50},"cve","CVE-2026-46817","Improper privilege management and authentication flaw in Oracle Payments",{"type":48,"value":52,"context":53},"CVE-2025-61882","Previously exploited critical flaw in Oracle E-Business Suite",{"type":48,"value":55,"context":56},"CVE-2026-35273","Critical missing authentication zero-day vulnerability in PeopleSoft Suite"]