Bg ShapeBg Shape
THREAT INTELLIGENCE

Oracle E-Business Suite Flaw Actively Exploited

Affected Environment

Oracle E-Business Suite versions 12.2.3 through 12.2.15, specifically the Oracle Payments product (File Transmission component). Internet-facing deployments are at highest risk; active exploitation and internet-wide scanning of exposed instances has been confirmed.

Threat Overview

A critical vulnerability in Oracle E-Business Suite Oracle Payments is being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component and allows an unauthenticated attacker with network access via HTTP to compromise Oracle Payments and potentially take over the vulnerable system. Security researchers have observed active exploitation attempts against Oracle EBS honeypots, and internet-wide scans indicate that hundreds of Oracle EBS instances remain exposed online, increasing the risk of opportunistic attacks.

Exposure Timeline

Patched in Oracle's May 2026 Critical Patch Update (CPU). Active exploitation confirmed at time of publication on 30 June 2026. Internet-wide scanning for exposed instances confirmed. Hundreds of Oracle EBS instances remain publicly accessible online.

Attack Surface

Any Oracle E-Business Suite deployment running versions 12.2.3 through 12.2.15 with the Oracle Payments/File Transmission component accessible via HTTP from the internet or untrusted networks. No authentication is required to exploit this vulnerability.

Technical Root Cause

CVE-2026-46817 (CVSS 9.8) - A vulnerability in the Oracle Payments product of Oracle E-Business Suite (File Transmission component) allows an unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful exploitation can result in complete takeover of the Oracle Payments component. The vulnerability is described as easily exploitable with no privileges or user interaction required.

Exploitation Pathway

An unauthenticated attacker sends a crafted HTTP request to the Oracle Payments File Transmission component over the network. Successful exploitation results in full takeover of Oracle Payments. Active exploitation has been observed against honeypots and real-world instances. The combination of unauthenticated access, network exploitability, and the breadth of still-exposed instances makes automated opportunistic attack highly likely.

Operational Impact

Full compromise of Oracle Payments enables attackers to manipulate payment processing operations, intercept financial transaction data, and potentially gain a foothold into broader EBS infrastructure. Given Oracle EBS is typically integrated with core financial and HR systems, lateral movement from a compromised Oracle Payments instance carries significant business risk. Active exploitation is confirmed, meaning unpatched internet-exposed instances should be treated as compromised until proven otherwise.

Strategic Impact

Risk is rated Critical across all organisation sizes in both government and commercial sectors. Oracle E-Business Suite is a core enterprise platform for finance, HR, procurement, and supply chain operations. The CVSS 9.8 score combined with confirmed active exploitation and hundreds of still-exposed instances creates an acute, time-sensitive risk. Organizations running affected versions with public internet exposure have no grace period.

Required Mitigation

Apply Oracle's May 2026 Critical Patch Update immediately to all affected Oracle E-Business Suite Oracle Payments instances (versions 12.2.3 through 12.2.15). Restrict network access to Oracle Payments and the File Transmission component by blocking public internet exposure and allowing connections only from trusted internal or partner systems. Monitor for signs of compromise including unusual requests to Oracle Payments endpoints, unauthorised account creation, and suspicious configuration changes. Given confirmed active exploitation, treat any anomalous activity as a potential indicator of compromise.

Incident Response Guidance

Apply the Principle of Least Privilege across all EBS systems and services. Upgrade software, operating systems, applications, and firmware on all network assets in a timely manner. Use vulnerability management tooling to assess endpoints, networks, and applications for known weaknesses. Apply advanced application control and protection to enforce granular control over all application access, communications, and privilege elevation attempts. Ensure Endpoint Security and Perimeter Security products are updated with the latest signatures. If active exploitation is suspected, isolate the affected Oracle Payments component, preserve logs, and initiate incident response procedures immediately.

References

The Hacker News - Oracle E-Business Suite Flaw CVE-2026-46817. BleepingComputer - New Oracle E-Business Suite Flaw Now Exploited in Attacks. CVE: CVE-2026-46817.

Download the Full Report

Explore More of the Latest Threat Intelligence

Trusted by clients worldwide

Logo
Logo
Logo
Logo
Logo
Logo

Your 24/7 Security Partner

Led by human expertise and powered by the VisionX platform, we provide you with a 24/7 unbeatable Managed Detection & Response capability giving you transparent and consolidated security solutions.

Awards Image
Awards Image
Awards Image
Awards Image
Awards Image
Awards Image