CVE Tools
Back to feed
BleepingComputer ·EN-US News source Exploited in the wildOracle E-Business SuiteOracle Payments

CISA orders feds to patch actively exploited Oracle flaw by Saturday

By Sergiu Gatlan··2 min read
CVE Tools coverage

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to apply patches for a critical vulnerability in Oracle E-Business Suite by July 18, due to active exploitation in real-world attacks. The flaw, identified as CVE-2026-46817, resides in the File Transmission feature of Oracle Payments and enables unauthenticated attackers to gain control of affected systems through simple HTTP-based attacks. Oracle issued fixes during its May 2026 Critical Security Patch Update, emphasizing the urgency of applying these updates. Threat intelligence firm Defused confirmed that malicious actors have already begun exploiting this vulnerability, with no public proof-of-concept code currently available.