The Hacker News ·EN News source
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
CVE Tools coverage
Oracle E-Business Suite’s Oracle Payments component is facing a critical actively exploited weakness, tracked as CVE-2026-46817 (CVSS 9.8). The issue involves improper privilege management and authentication that can be abused by a network-based unauthenticated attacker over HTTP to take over affected Oracle Payments instances (versions 12.2.3 through 12.2.15). This matters because it indicates real-world compromise attempts are underway, and organizations should verify they have applied Oracle’s latest security patches.