Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

July 5, 2026

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

July 5, 2026

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

July 4, 2026
Facebook X (Twitter) Instagram
Sunday, July 5
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
News

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

Team-CWDBy Team-CWDJuly 5, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber.

The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances.

“Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments,” according to a description of the flaw in the NIST National Vulnerability Database (NVD). “Successful attacks of this vulnerability can result in the takeover of Oracle Payments.”

The shortcoming impacts versions from 12.2.3 through 12.2.15. Patches for the flaw were shipped by Oracle as part of its Critical Security Patch Update last month.

CVE-2026-46817 has since come under active exploitation, with Defused Cyber noting on Monday that “over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots,” adding “this vulnerability has no known previous exploitation and no public PoC [proof-of-concept] code exists.”

That said, there are currently no details available on how the security flaw is being exploited, who is behind them, and if it’s part of a broader opportunistic or targeted campaign aimed at unpatched systems.

Late last year, another critical flaw in the same product (CVE-2025-61882, CVSS score: 9.8) was weaponized by threat actors linked to the Cl0p ransomware operation, with early attacks launched as far back as August 2025.

Earlier this month, the company addressed a critical missing authentication zero-day vulnerability in PeopleSoft Suite (CVE-2026-35273, CVSS score: 9.8) that was actively exploited in ShinyHunters (aka SHADOW-AETHER-015) data theft and extortion attacks.

“The notable property of this vulnerability is not its impact, but its near-total lack of observability,” Trend Micro said. “The final code-execution step runs through Java’s XMLDecoder inside the application server’s own Java virtual machine (JVM), fires on a restart rather than on the inbound request, and needs no child process and no outbound beacon to succeed. A defender watching the usual places sees a quiet system.”

Automaker Nissan has since acknowledged that it was among those impacted, stating it was the victim of a break-in that involved the exploitation of the PeopleSoft flaw, potentially exposing payroll records, bank details, Social Security numbers, and other personal and financial data belong to its employees in the U.S., Canada, Mexico, and Brazil.

“What stood out was that CVE-2026-35273 isn’t just another trivial, easy-to-exploit single-request vulnerability,” Jake Knott, principal security researcher at watchTowr, said in a statement. “The attack chain is considerably more involved, combining multiple vulnerabilities to plant a malicious file that doesn’t execute immediately but waits until the server restarts.”

“Where we would normally see simple bugs, this is a chain of multiple vulnerabilities, suggestive of a threat actor with genuine knowledge of and familiarity with the underlying codebase, and the ability to develop targeted capabilities against it.”

Knott also pointed out that threat actors are exploiting vulnerabilities faster than ever before, urging organizations to  assume compromise and activate incident response processes to determine whether access was obtained before patches were applied, what was accessed, and whether persistence was established.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleWhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
Next Article Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
Team-CWD
  • Website

Related Posts

News

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

July 5, 2026
News

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

July 4, 2026
News

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

July 4, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Drowning in spam or scam emails lately? Here’s why

January 27, 2026

Here’s what you should know

February 6, 2026

It’s all fun and games until someone gets hacked

September 26, 2025

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.