logo

Oracle EBS Flaw CVE-2026-46817 Exposes Oracle Payments to Takeover

ID: 2b7a0e2b-c5b2-59ae-aef0-a2c7b1a15faf

STIX ID: report--2b7a0e2b-c5b2-59ae-aef0-a2c7b1a15faf

Feed Name: SOCRadar Blog

Threat Score
78/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

Author: ameer

...
...

This report describes CVE-2026-46817, a critical (CVSS 9.8) unauthenticated vulnerability in Oracle E-Business Suite Payments File Transmission affecting versions 12.2.3–12.2.15; limited exploitation attempts were observed in late June 2026. It urges immediate application of Oracle's May 2026 CPU, reducing HTTP exposure (VPN/reverse proxy/segmentation), adding targeted monitoring for Payments-related paths (e.g., /OA_HTML/ibytransmit and XML POSTs), and preparing incident response measures for potential takeover of Oracle Payments.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.