Critical flaw in Oracle E-Business Suite is under immediate threat
Critical flaw in Oracle E-Business Suite is under immediate threat
https://www.cybersecuritydive.com/news/critical-flaw-oracle-e-business-suite-threat/824230/
Publish Date: 2026-07-01 11:41:00
Source Domain: www.cybersecuritydive.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
Researchers say a critical vulnerability in Oracle E-Business Suite is facing exploitation attempts by a threat actor.
The vulnerability, tracked as CVE-2026-46817, is a flaw in the Oracle Payments, and has a severity score of 9.8.
If successfully exploited, an unauthenticated attacker with network access via HTTP would be able to compromise the product.
Researchers at Defused observed a hacker exploiting the flaw on its Oracle E-Business honeypots, according to a post on X. The activity was observed on June 27 from a French IP address, but researchers said the threat actor was using a VPN.
There has been no prior known exploitation activity or any release of a proof of concept, researchers said.
About 950 exposed instances are considered potentially vulnerable, according to internet security researchers Shadowserver Foundation and Validin.
Oracle previously addressed the vulnerability as part of a larger series of security patch updates in May.