logo

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

ID: b1515bf5-bdc3-5da5-b32c-4c8a2b8b85fd

STIX ID: report--b1515bf5-bdc3-5da5-b32c-4c8a2b8b85fd

Feed Name: Security Affairs

Threat Score
85/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

Author: Pierluigi Paganini

...
...

Attackers are actively exploiting a critical Oracle E-Business Suite flaw (CVE-2026-46817, CVSS 9.8) that permits unauthenticated HTTP takeover of Oracle Payments (versions 12.2.3–12.2.15); Defused Cyber observed exploitation on honeypots and Oracle released a patch in its most recent Critical Patch Update. The report also highlights a separate actively exploited PeopleSoft PeopleTools RCE (CVE-2026-35273) linked to a ShinyHunters campaign affecting numerous organizations as reported by Mandiant and Google TAG.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.