Oracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed.
This week, Defused Cyber researchers warned that a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited. The flaw affects Oracle Payments versions 12.2.3 through 12.2.15 and allows unauthenticated attackers to take over vulnerable systems over HTTP. Oracle fixed the issue in last month’s Critical Patch Update and urges customers to apply the patches immediately.
Defused Cyber did not disclose technical details about the attacks that exploited the flaw or the motivation of the attackers.
Now, Internet monitoring firm Shadowserver counts roughly 950 EBS instances still reachable from the public internet, most of them in the United States. Nobody knows how many of those have been patched.
“We have improved our Oracle E-Business Suite fingerprinting by adding domain based scans in collaboration with @ValidinLLC. Around 950 exposed instances now seen globally (no vulnerability assessment),” reads the post published by The Shadowserver Foundation.
Despite researchers confirming active exploitation of the vulnerability, Oracle hasn’t officially flagged it as exploited in the wild.
If your organization runs Oracle EBS and hasn’t applied the patch, that’s the immediate priority. If a public-facing EBS instance is genuinely required for business operations, verify it’s patched before checking anything else on your list today. If it doesn’t need to be internet-facing, take it off the internet.
Shadowserver’s scan suggests the exposed population is not small, and active exploitation without a public proof-of-concept means the attacker community is already ahead of most defenders on this one.
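The two questions the recommendations above reduce to (is the instance's version inside the affected 12.2.3 to 12.2.15 range, and is it reachable from the internet?) are easy to get wrong across a large estate. The following is an added example, not code from the article or from Oracle: a small triage helper that ranks an EBS inventory by those questions. The inventory rows are constructed sample data, and the `cpu_applied` field is assumed to come from your own patch records; the script does not try to detect the patch itself and does not invent any patch identifier.

```python
"""Triage helper for the CVE-2026-46817 advisory.

Ranks Oracle EBS instances using the two facts the advisory cares about:
whether the Oracle Payments version is in the affected range and whether
the instance is internet-facing. Sample inventory below is constructed.
"""
from dataclasses import dataclass

# Affected Oracle Payments versions per the advisory: 12.2.3 through 12.2.15 inclusive.
AFFECTED_MIN = (12, 2, 3)
AFFECTED_MAX = (12, 2, 15)

# Priority labels, lowest number sorts first.
P1_EXPOSED_UNPATCHED = "P1 exposed+unpatched: patch now or take offline"
P2_INTERNAL_UNPATCHED = "P2 internal+unpatched: patch"
PATCHED = "patched"
NOT_AFFECTED = "not-affected"
_ORDER = {P1_EXPOSED_UNPATCHED: 0, P2_INTERNAL_UNPATCHED: 1, PATCHED: 2, NOT_AFFECTED: 3}


def parse_version(text: str) -> tuple:
    """Turn '12.2.11' into (12, 2, 11).

    Only the first three components matter for the affected range, so extra
    components (e.g. '12.2.11.1') are dropped and short strings are padded
    with zeros. Non-numeric input is rejected rather than silently ignored.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts[:3])
    return nums + (0,) * (3 - len(nums))


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


@dataclass
class EbsInstance:
    name: str
    version: str
    internet_facing: bool
    cpu_applied: bool  # assumed to come from your patch records, not probed here


def triage(inst: EbsInstance) -> str:
    """Return the priority label for one instance, following the article's ordering."""
    if not is_affected(inst.version):
        return NOT_AFFECTED
    if inst.cpu_applied:
        return PATCHED
    if inst.internet_facing:
        return P1_EXPOSED_UNPATCHED
    return P2_INTERNAL_UNPATCHED


def prioritize(inventory):
    """Return (name, label) pairs with the most urgent instances first."""
    labeled = [(inst.name, triage(inst)) for inst in inventory]
    return sorted(labeled, key=lambda pair: _ORDER[pair[1]])


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    EbsInstance("ebs-prod-web", "12.2.11", internet_facing=True, cpu_applied=False),
    EbsInstance("ebs-dev", "12.2.9", internet_facing=False, cpu_applied=False),
    EbsInstance("ebs-prod-app", "12.2.13", internet_facing=True, cpu_applied=True),
    EbsInstance("ebs-legacy", "12.1.3", internet_facing=False, cpu_applied=False),
]

if __name__ == "__main__":
    for name, label in prioritize(SAMPLE_INVENTORY):
        print(f"{label:50} {name}")
```

Feed it your real inventory export instead of `SAMPLE_INVENTORY`; the P1 bucket is the list the article says to deal with before anything else today, and anything in it that does not need to be public is a candidate for removal from the internet rather than just patching.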
Source: SecurityAffairs
Source Link: https://securityaffairs.com/194599/security/oracle-e-business-suite-flaw-under-active-attack-950-systems-exposed.html
CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited