SecurityWeek ·EN-US News source
Exploitation of Recent Oracle E-Business Suite Vulnerability Begins
CVE Tools coverage
Threat actors have begun targeting a critical Oracle E-Business Suite (EBS) vulnerability tracked as CVE-2026-46817 (CVSS 9.8), with activity observed against the File Transmissions component in the Payments product. Oracle says unauthenticated attackers can exploit the issue over HTTP to take over Oracle Payments, making it a high-impact risk for organizations running EBS. The flaw was addressed in Oracle’s first monthly Critical Security Patch Update (CSPU) in late May, so defenders should prioritize patching to reduce exposure.