Help Net Security · EN-US news source

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)

By Zeljka Zorz

Threat actors have been observed attempting to exploit CVE-2026-46817 in Oracle Payments, the payment-processing module of Oracle’s E-Business Suite (EBS). The vulnerability affects the ibytransmit endpoint in Oracle Payments’ File Transmission component and can be used by unauthenticated remote attackers to read files from the server, potentially exposing sensitive data such as database credentials, encryption keys, and API secrets. Oracle patched the vulnerability in late May 2026. Organizations running Oracle E-Business Suite versions 12.2.3 to 12.2.15 should apply the May 2026 Critical Security Patch Update immediately and keep EBS web interfaces off the public internet until they are updated.