Close Menu

    Subscribe to Updates

    Get the latest creative news from infofortech

    What's Hot

    TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

    July 16, 2026

    Outcome-Based Pricing For B2B SaaS: The Model Where Your Revenue Depends On Whether You Actually Deliver

    July 16, 2026

    Haptic Bass Meets Whisper-Quiet ANC

    July 16, 2026
    Facebook X (Twitter) Instagram
    InfoForTech
    • Home
    • Latest in Tech
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    Facebook X (Twitter) Instagram
    InfoForTech
    Home»Cybersecurity»Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
    Cybersecurity

    Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

    InfoForTechBy InfoForTechJune 30, 2026No Comments3 Mins Read
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
    Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
    Share
    Facebook Twitter LinkedIn Pinterest Telegram Email


    Ravie LakshmananJun 30, 2026Vulnerability / Enterprise Software

    A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber.

    The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances.

    “Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments,” according to a description of the flaw in the NIST National Vulnerability Database (NVD). “Successful attacks of this vulnerability can result in the takeover of Oracle Payments.”

    The shortcoming impacts versions from 12.2.3 through 12.2.15. Patches for the flaw were shipped by Oracle as part of its Critical Security Patch Update last month.

    CVE-2026-46817 has since come under active exploitation, with Defused Cyber noting on Monday that “over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots,” adding “this vulnerability has no known previous exploitation and no public PoC [proof-of-concept] code exists.”

    That said, there are currently no details available on how the security flaw is being exploited, who is behind them, and if it’s part of a broader opportunistic or targeted campaign aimed at unpatched systems.

    Late last year, another critical flaw in the same product (CVE-2025-61882, CVSS score: 9.8) was weaponized by threat actors linked to the Cl0p ransomware operation, with early attacks launched as far back as August 2025.

    Earlier this month, the company addressed a critical missing authentication zero-day vulnerability in PeopleSoft Suite (CVE-2026-35273, CVSS score: 9.8) that was actively exploited in ShinyHunters data theft and extortion attacks.

    Automaker Nissan has since acknowledged that it was among those impacted, stating it was the victim of a break-in that involved the exploitation of the PeopleSoft flaw, potentially exposing payroll records, bank details, Social Security numbers, and other personal and financial data belong to its employees in the U.S., Canada, Mexico, and Brazil.

    “What stood out was that CVE-2026-35273 isn’t just another trivial, easy-to-exploit single-request vulnerability,” Jake Knott, principal security researcher at watchTowr, said in a statement. “The attack chain is considerably more involved, combining multiple vulnerabilities to plant a malicious file that doesn’t execute immediately but waits until the server restarts.”

    “Where we would normally see simple bugs, this is a chain of multiple vulnerabilities, suggestive of a threat actor with genuine knowledge of and familiarity with the underlying codebase, and the ability to develop targeted capabilities against it.”

    Knott also pointed out that threat actors are exploiting vulnerabilities faster than ever before, urging organizations to  assume compromise and activate incident response processes to determine whether access was obtained before patches were applied, what was accessed, and whether persistence was established.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    InfoForTech
    • Website

    Related Posts

    TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

    July 16, 2026

    Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

    July 15, 2026

    Troy Hunt: Weekly Update 512: IoT Lockout Fail

    July 15, 2026

    Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

    July 15, 2026

    U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

    July 14, 2026

    CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

    July 13, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views

    This is the tech that makes Volvo’s latest EV a major step forward

    January 24, 202616 Views
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Advertisement
    About Us
    About Us

    Our mission is to deliver clear, reliable, and up-to-date information about the technologies shaping the modern world. We focus on breaking down complex topics into easy-to-understand insights for professionals, enthusiasts, and everyday readers alike.

    We're accepting new partnerships right now.

    Facebook X (Twitter) YouTube
    Most Popular

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views
    Categories
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    • Latest in Tech
    © 2026 All Rights Reserved InfoForTech.
    • Home
    • About Us
    • Contact Us
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.