Threat actors have started exploiting a critical vulnerability in Oracle E-Business Suite (EBS), threat intelligence firm Defused warns.
Tracked as CVE-2026-46817 (CVSS score of 9.8), the issue was identified in the File Transmissions component of E-Business Suite’s Payments product.
According to Oracle, unauthenticated attackers can exploit the security defect over HTTP to compromise Payments.
“Successful attacks of this vulnerability can result in takeover of Oracle Payments,” Oracle notes.
CVE-2026-46817 was resolved in late May as part of Oracle’s first monthly Critical Security Patch Update (CSPU), which addressed 77 vulnerabilities.








