Over 900 Oracle E-Business instances exposed to ongoing attacks

Over 900 Oracle E-Business instances exposed to ongoing attacks, prompting urgent patching by users.

In a disturbing trend that continues to unfold, more than 900 instances of Oracle’s E-Business Suite (EBS) have been discovered online and left vulnerable to attacks. The vulnerability, tracked as CVE-2026-46817, resides in the File Transmission component of EBS’s Oracle Payments product. The flaw can be exploited in low-complexity attacks by malicious actors who have only minimal privileges and access.

The threat landscape has become increasingly concerning for Oracle users, with multiple instances of its products being targeted by attackers. In recent months, we’ve seen a string of high-profile breaches and attacks on various Oracle systems. For instance, in May 2026, Nissan warned that a data breach had affected current and former employees due to the compromise of its Oracle PeopleSoft instance.

Another worrying aspect is the increasing involvement of ransomware gangs in exploiting these vulnerabilities. Since November 2021, CISA has added an alarming 44 vulnerabilities across various Oracle products to its catalog of actively exploited flaws, 13 of which have been abused by ransomware gangs.

The good news is that Oracle released a patch for this vulnerability as part of its May 2026 Critical Security Patch Update. However, many users have not matched the company’s prompt response: they remain unpatched and exposed to ongoing attacks. According to threat intelligence firm Defuse, at least one attacker was spotted exploiting CVE-2026-46817 on Oracle E-Business honeypots over the weekend.

The sheer number of exposed instances is staggering. Shadowserver reports tracking around 950 Oracle EBS instances online, with no information available on how many have secured their systems against these attacks. The lack of patching has created a ticking time bomb for organizations that rely on Oracle products, leaving them vulnerable to unauthorized access and potential data breaches.

The recent spate of high-severity vulnerabilities in Oracle products serves as a stark reminder of the importance of timely patching and vulnerability management. It’s essential for security teams to stay vigilant and prioritize updates, even if they seem complex or challenging to implement. The long-term consequences of neglecting these critical patches can be devastating.

In light of this ongoing threat, it’s crucial that Oracle users take immediate action to protect their systems. Apply the available patch as soon as possible to prevent potential attacks from succeeding. Regularly review your security posture and ensure all layers are secured against emerging threats. By taking proactive steps, you’ll significantly reduce the risk of falling victim to these vulnerabilities and ensure a more secure digital environment for your organization.


Source: Bleeping Computer — 2026-07-01