CVE Tools
Back to feed
The Hacker News ·EN News source

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

By The Hacker News··2 min read
CVE Tools coverage

Oracle E-Business Suite’s Oracle Payments component is facing a critical actively exploited weakness, tracked as CVE-2026-46817 (CVSS 9.8). The issue involves improper privilege management and authentication that can be abused by a network-based unauthenticated attacker over HTTP to take over affected Oracle Payments instances (versions 12.2.3 through 12.2.15). This matters because it indicates real-world compromise attempts are underway, and organizations should verify they have applied Oracle’s latest security patches.