🔴 Critical | Source: The Hacker News
A critical vulnerability in Oracle E-Business Suite’s Payments module (CVE-2026-46817, CVSS 9.8) is being actively exploited in the wild. The flaw allows unauthenticated attackers to abuse improper privilege management to fully compromise affected instances. Active exploitation significantly raises the risk for any organisation running unpatched versions of Oracle EBS.
Security Architect’s Take: Audit your Oracle E-Business Suite deployments immediately and apply Oracle’s patch for CVE-2026-46817 as an emergency priority. If patching cannot be completed immediately, consider restricting network access to Oracle Payments endpoints at the perimeter and review audit logs for anomalous privilege escalation activity.
Original advisory: Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild