CVE Tools
Back to feed
BleepingComputer ·EN-US News source

Over 900 Oracle E-Business instances exposed to ongoing attacks

By Sergiu Gatlan··2 min read
CVE Tools coverage

More than 900 Oracle E-Business Suite (EBS) instances are reportedly reachable online while attackers are actively targeting a critical issue, CVE-2026-46817, in the File Transmission component of Oracle Payments. The flaw can be abused by unauthenticated attackers with HTTP network access to take over vulnerable systems through low-complexity techniques, making exposure particularly risky for exposed deployments. Oracle has released fixes in its May 2026 Critical Security Patch Update, and defenders are urged to patch immediately as scanners such as Shadowserver continue to observe a large number of potentially vulnerable installations.