A critical security vulnerability in Oracle’s E-Business Suite is currently being actively exploited, posing significant risks to organizations using this enterprise software. The flaw, identified as CVE-2026-46817 with a CVSS score of 9.8, resides in the Oracle Payments component and affects versions 12.2.3 through 12.2.15.
This vulnerability stems from improper privilege management and authentication mechanisms within Oracle Payments. It allows unauthenticated attackers with network access via HTTP to potentially take over the affected Oracle Payments instances. Oracle addressed this issue in its Critical Security Patch Update released last month.
Despite the availability of patches, threat intelligence firm Defused Cyber has observed active exploitation of this vulnerability. Over the recent weekend, their Oracle E-Business honeypots detected unauthorized activities exploiting CVE-2026-46817. Notably, there are no known previous exploitations or public proof-of-concept codes for this vulnerability, indicating a potentially sophisticated attack.
Details regarding the exploitation methods, the identities of the attackers, and whether these attacks are part of a broader campaign remain unclear. However, this incident underscores the critical importance of promptly applying security patches to mitigate potential threats.
This is not the first time Oracle’s E-Business Suite has been targeted. Late last year, a similar critical vulnerability, CVE-2025-61882, was exploited by threat actors associated with the Cl0p ransomware operation. These attacks began as early as August 2025, highlighting a pattern of adversaries targeting unpatched Oracle systems.
More recently, Oracle’s PeopleSoft Suite faced a critical zero-day vulnerability, CVE-2026-35273, which was actively exploited in data theft and extortion attacks attributed to the ShinyHunters group. This vulnerability was particularly insidious due to its stealthy nature, executing malicious code upon server restart without triggering typical security alerts.
Organizations utilizing Oracle’s E-Business Suite should prioritize applying the latest security patches and conduct thorough reviews of their systems for any signs of compromise. The rapid exploitation of these vulnerabilities emphasizes the need for proactive security measures and continuous monitoring to safeguard sensitive enterprise data.