

Oracle E-Business Suite versions 12.2.3 through 12.2.15, specifically the Oracle Payments product (File Transmission component). Internet-facing deployments are at highest risk; active exploitation and internet-wide scanning of exposed instances has been confirmed.
A critical vulnerability in Oracle E-Business Suite Oracle Payments is being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component and allows an unauthenticated attacker with network access via HTTP to compromise Oracle Payments and potentially take over the vulnerable system. Security researchers have observed active exploitation attempts against Oracle EBS honeypots, and internet-wide scans indicate that hundreds of Oracle EBS instances remain exposed online, increasing the risk of opportunistic attacks.
Patched in Oracle's May 2026 Critical Patch Update (CPU). Active exploitation confirmed at time of publication on 30 June 2026. Internet-wide scanning for exposed instances confirmed. Hundreds of Oracle EBS instances remain publicly accessible online.
Any Oracle E-Business Suite deployment running versions 12.2.3 through 12.2.15 with the Oracle Payments/File Transmission component accessible via HTTP from the internet or untrusted networks. No authentication is required to exploit this vulnerability.
CVE-2026-46817 (CVSS 9.8) - A vulnerability in the Oracle Payments product of Oracle E-Business Suite (File Transmission component) allows an unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful exploitation can result in complete takeover of the Oracle Payments component. The vulnerability is described as easily exploitable with no privileges or user interaction required.
An unauthenticated attacker sends a crafted HTTP request to the Oracle Payments File Transmission component over the network. Successful exploitation results in full takeover of Oracle Payments. Active exploitation has been observed against honeypots and real-world instances. The combination of unauthenticated access, network exploitability, and the breadth of still-exposed instances makes automated opportunistic attack highly likely.
Full compromise of Oracle Payments enables attackers to manipulate payment processing operations, intercept financial transaction data, and potentially gain a foothold into broader EBS infrastructure. Given Oracle EBS is typically integrated with core financial and HR systems, lateral movement from a compromised Oracle Payments instance carries significant business risk. Active exploitation is confirmed, meaning unpatched internet-exposed instances should be treated as compromised until proven otherwise.
Risk is rated Critical across all organisation sizes in both government and commercial sectors. Oracle E-Business Suite is a core enterprise platform for finance, HR, procurement, and supply chain operations. The CVSS 9.8 score combined with confirmed active exploitation and hundreds of still-exposed instances creates an acute, time-sensitive risk. Organizations running affected versions with public internet exposure have no grace period.
Apply Oracle's May 2026 Critical Patch Update immediately to all affected Oracle E-Business Suite Oracle Payments instances (versions 12.2.3 through 12.2.15). Restrict network access to Oracle Payments and the File Transmission component by blocking public internet exposure and allowing connections only from trusted internal or partner systems. Monitor for signs of compromise including unusual requests to Oracle Payments endpoints, unauthorised account creation, and suspicious configuration changes. Given confirmed active exploitation, treat any anomalous activity as a potential indicator of compromise.
Apply the Principle of Least Privilege across all EBS systems and services. Upgrade software, operating systems, applications, and firmware on all network assets in a timely manner. Use vulnerability management tooling to assess endpoints, networks, and applications for known weaknesses. Apply advanced application control and protection to enforce granular control over all application access, communications, and privilege elevation attempts. Ensure Endpoint Security and Perimeter Security products are updated with the latest signatures. If active exploitation is suspected, isolate the affected Oracle Payments component, preserve logs, and initiate incident response procedures immediately.
The Hacker News - Oracle E-Business Suite Flaw CVE-2026-46817. BleepingComputer - New Oracle E-Business Suite Flaw Now Exploited in Attacks. CVE: CVE-2026-46817.
Trusted by clients worldwide






Led by human expertise and powered by the VisionX platform, we provide you with a 24/7 unbeatable Managed Detection & Response capability giving you transparent and consolidated security solutions.




