Over 900 Oracle E-Business instances exposed to ongoing attacks

Over 900 Oracle E-Business Suite instances are exposed to ongoing attacks in which malicious actors exploit a critical security flaw that allows low-complexity takeovers. The vulnerability, tracked as CVE-2026-46817, was patched by Oracle in May but has since been actively exploited, according to threat intelligence firm Defused.

Oracle’s E-Business Suite (EBS) is a widely used business application that helps organizations manage functions such as payments and financials. The File Transmission component of EBS’s Oracle Payments product contains a critical security flaw that lets attackers with no privileges but with HTTP network access take over vulnerable systems. In other words, an attacker who has no permission to access the system can still gain control through a low-complexity attack.

Defused warned on Monday that threat actors are actively exploiting this vulnerability, with the first attempts spotted over the weekend. “CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited,” Defused noted. The company also emphasized that no public proof-of-concept (PoC) code is available for this vulnerability, which makes the activity even more concerning.

Shadowserver, an internet security watchdog, has also warned of the exposure, stating that it tracks around 950 Oracle EBS instances online, although it is unclear how many have been secured against CVE-2026-46817 attacks. This is not an isolated incident: in recent months, Oracle has faced numerous security concerns, including a high-severity flaw in its WebLogic Server product and a critical zero-day vulnerability in PeopleSoft Suite.

The ongoing exploitation of this vulnerability highlights the importance of timely patching and vulnerability management. Organizations that use Oracle EBS should review their systems immediately and apply the necessary patches to prevent potential takeovers. This is particularly crucial given the high severity of CVE-2026-46817, which carries a CVSS score of 9.8.

As we’ve seen in recent months, many organizations have fallen victim to attacks exploiting Oracle vulnerabilities. To avoid becoming the next target, security teams must stay vigilant and prioritize patching and vulnerability management. It’s crucial to remember that even seemingly minor flaws can be exploited by malicious actors, leading to devastating consequences. By staying informed and proactive, organizations can reduce their risk of falling victim to such attacks.

In light of this ongoing threat, it’s essential for security teams to conduct regular vulnerability scans and apply patches promptly. This will not only help prevent potential takeovers but also demonstrate a proactive approach to security management. As the threat landscape continues to evolve, staying informed and adapting to emerging threats is crucial for protecting against such attacks.


Source: Bleeping Computer — 2026-07-01