Critical severity9.8NVD Advisory· Published May 28, 2026· Updated Jun 4, 2026
CVE-2026-46817
CVE-2026-46817
Description
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected products
3cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*range: >=12.2.3,<=12.2.15
- (no CPE)range: 12.2.3-12.2.15
- Range: 12.2.3-12.2.15
Patches
Vulnerability mechanics
References
1- www.oracle.com/security-alerts/cspumay2026.htmlnvdVendor Advisory
News mentions
12- 6th July – Threat Intelligence ReportCheck Point Research · Jul 6, 2026
- Breach Roundup: DeepSeek Sparks Browser RansomwareGovInfoSecurity · Jul 5, 2026
- Week in review: SimpleHelp vulnerability exploited, Oracle EBS Payments flaw under attackHelp Net Security · Jul 5, 2026
- 900+ Oracle E-Business instances Exposed Online Amid Active Vulnerability ExploitationCyber Security News · Jul 2, 2026
- Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even releasedThe Register Security · Jul 2, 2026
- Researchers spot exploitation of another critical Oracle defectCyberScoop · Jul 1, 2026
- Over 900 Oracle E-Business instances exposed to ongoing attacksBleepingComputer · Jul 1, 2026
- Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)Help Net Security · Jun 30, 2026
- Exploitation of Recent Oracle E-Business Suite Vulnerability BeginsSecurityWeek · Jun 30, 2026
- Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the WildThe Hacker News · Jun 30, 2026
- Hackers Exploiting Critical Oracle E-Business Suite Vulnerability Actively in AttacksCyber Security News · Jun 29, 2026
- Hackers now exploit critical Oracle E-Business flaw in attacksBleepingComputer · Jun 29, 2026