"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments," according to a description of the flaw in the NIST National Vulnerability Database (NVD).
CVE-2026-46817 and Oracle Payments
CVE-2026-46817 is tracked as a critical security flaw (CVSS score: 9.8) that the NVD describes as an "improper privilege management and authentication" vulnerability in Oracle Payments. The NVD description warns that successful exploitation "can result in the takeover of Oracle Payments." The flaw specifically affects Oracle E-Business Suite instances that include Oracle Payments.
Active exploitation observed by Defused Cyber
Security firm Defused Cyber reported active exploitation of CVE-2026-46817. According to the company, "over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots." Defused Cyber also noted that "this vulnerability has no known previous exploitation and no public PoC [proof-of-concept] code exists." Beyond the honeypot observations, there are currently no public details about attack techniques, attribution, or whether the incidents reflect an opportunistic scan-and-exploit pattern or a targeted campaign.
Versions affected and Oracle's remediation
The vulnerability impacts Oracle E-Business Suite versions from 12.2.3 through 12.2.15. Oracle shipped patches for the flaw as part of its Critical Security Patch Update last month. Those updates are the vendor-provided remediation for the vulnerability as described in the public reporting.
Historical context inside Oracle E-Business and PeopleSoft
This is not the first time critically rated flaws in Oracle's enterprise suites have been weaponized. Late last year, CVE-2025-61882 (CVSS score: 9.8), a different critical flaw in the E-Business Suite, was "weaponized by threat actors linked to the Cl0p ransomware operation," with early attacks launched as far back as August 2025. Earlier this month, Oracle addressed a critical missing authentication zero-day in PeopleSoft Suite (CVE-2026-35273, CVSS score: 9.8) that was "actively exploited in ShinyHunters data theft and extortion attacks." Those precedents frame CVE-2026-46817 in a recent pattern of high-severity flaws in Oracle products being targeted in the wild.
What this means for technologists, affected enterprises, and adversaries
- Technologists and security teams: The vulnerability applies to Oracle Payments within E-Business Suite installations running versions 12.2.3–12.2.15, and Oracle has released patches as part of its most recent Critical Security Patch Update. Defused Cyber's honeypot observations confirm active exploitation of the flaw.
- Affected enterprises and procurement leaders: Organizations that operate Oracle E-Business Suite with Oracle Payments should reconcile their installed versions against the 12.2.3–12.2.15 range identified and note that vendor patches were shipped last month.
- Adversaries and researchers: Defused Cyber reported no previously known exploitation and no public proof-of-concept code prior to the observed activity; however, the firm documented an actor exploiting the vulnerability on its honeypots "over the weekend," indicating at least some actors have weaponized CVE-2026-46817 in practice.
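The version reconciliation described for affected enterprises can be scripted. The following is an added example, not code from Oracle, Defused Cyber, or the original report: the inventory rows are constructed, and the column names (host, ebs_version, payments_installed, cpu_applied) are assumptions about how an asset inventory might be exported. It compares releases numerically, because a plain string comparison would place 12.2.10 outside the 12.2.3–12.2.15 range.

```python
# Added example: inventory rows below are constructed, and the column layout
# (host, EBS release, Payments installed, patch update applied) is an assumption.
import csv
import io

AFFECTED_MIN = (12, 2, 3)    # lower bound stated in the article
AFFECTED_MAX = (12, 2, 15)   # upper bound stated in the article

SAMPLE_INVENTORY = """host,ebs_version,payments_installed,cpu_applied
erp-prod-01,12.2.10,yes,no
erp-prod-02,12.2.9,yes,yes
erp-test-01,12.2.15,no,no
erp-legacy,12.1.3,yes,no
erp-dr-01,12.2.x,yes,no
"""

def parse_version(text):
    """Return the release as a tuple of ints, or None if it is not numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def in_affected_range(text):
    """Numeric comparison: as strings, '12.2.10' sorts before '12.2.3'."""
    version = parse_version(text)
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX

def triage(inventory_csv):
    """Map each host to patch-now, patched, not-in-scope or unknown-version."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        has_payments = row["payments_installed"].strip().lower() == "yes"
        patched = row["cpu_applied"].strip().lower() == "yes"
        if parse_version(row["ebs_version"]) is None:
            status = "unknown-version"   # cannot decide; needs a manual check
        elif not (has_payments and in_affected_range(row["ebs_version"])):
            status = "not-in-scope"      # outside the stated range, or no Payments
        else:
            status = "patched" if patched else "patch-now"
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as unknown-version are deliberately not treated as safe; they need their release confirmed by hand before being ruled out.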
The immediate facts are straightforward: a critical authentication and privilege-management flaw exists in Oracle Payments (CVE-2026-46817), patches have been published, and exploitation has been observed on honeypots. What remains to be detailed publicly are the exact exploitation method, the attackers' identities or motives, and whether broader compromise of production systems has occurred. For now, the record links this event to a recent string of high-severity vulnerabilities in Oracle enterprise products that have seen active abuse.
Original reporting: https://thehackernews.com/2026/06/oracle-e-business-suite-flaw-cve-2026.html




