CyberSecurity News

Hackers now exploit critical Oracle E-Business flaw in attacks

BleepingComputer

· June 29, 2026

AI summary

A critical vulnerability in the Oracle E-Business Suite financial application is being exploited by attackers. The vulnerability, identified as CVE-2026-46817, is being targeted in ongoing attacks, as reported by threat intelligence company Defused.

Vulnerabilities mentioned

CVE-2026-46817

CRITICAL

CVSS 9.8

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Read the full article at BleepingComputerwww.bleepingcomputer.com/news/security/new-oracle-e-business-suite-flaw-now-exploited-in-attacks/

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to BleepingComputer.