Cyber Security

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

IRavie LakshmananJune 30, 2026Risk / Business Software

A critical security flaw affecting the Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber.

Vulnerability, followed by CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that can be exploited to take vulnerable situations.

“An exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Payments,” according to the NIST National Vulnerability Database (NVD) flaw description. “A successful attack on this vulnerability could lead to a takeover of Oracle Payments.”

The flaw affects versions from 12.2.3 to 12.2.15. Patches for this bug were sent by Oracle as part of the Critical Security Patch Update last month.

CVE-2026-46817 has since been exploited, Defused Cyber ​​noted on Monday that “over the weekend, we saw an actor exploiting a vulnerability in our Oracle E-Business honeypots,” adding that “this vulnerability cannot be exploited previously and there is no public PoC. [proof-of-concept] the code is there.”

That said, there is currently no information available on how this security flaw is being exploited, who is behind it, and if it is part of a broader or targeted opportunistic campaign targeting unpublished programs.

Late last year, another critical flaw in the same product (CVE-2025-61882, CVSS score: 9.8) was exploited by malicious actors linked to the Cl0p ransomware project, with the original attack being launched back in August 2025.

Earlier this month, the company faced a critical missing zero-day vulnerability in PeopleSoft Suite (CVE-2026-35273, CVSS score: 9.8) that was widely exploited in ShinyHunters data theft and extortion attacks.

Automaker Nissan admitted it was among those affected, saying it was the victim of a hack involving the exploitation of a PeopleSoft flaw, which may have exposed pay records, bank information, Social Security numbers, and other personal and financial information belonging to its employees in the US, Canada, Mexico and Brazil.

“The highlight is that CVE-2026-35273 is not just another trivial, exploitable vulnerability for a single application,” Jake Knott, principal security researcher at watchTowr, said in a statement. “The attack chain is very involved, combining multiple vulnerabilities to plant a malicious file that doesn’t work immediately but waits until the server restarts.”

“Where we used to see simple bugs, this is a series of multiple vulnerabilities, suggesting a threat actor with real knowledge and familiarity with the underlying codebase, and the ability to develop capabilities targeted against it.”

Knott also pointed out that threat actors are exploiting vulnerabilities faster than ever, encouraging organizations to consider compromises and activate incident response processes to determine if access was obtained before exploits, what was accessed, and whether persistence was established.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button