securityaffairs.com 7/17/2026, 8:41:41 AM · external

U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog
Developing story vulnerability 9 articles tracked
CISA adds KNX protocol flaw CVE-2023-4346 to Known Exploited Vulnerabilities catalogue
CyberSIXT Evidence Panel
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Available

THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2023-4346 related to the KNX Protocol and CVE-2026-46817 affecting Oracle E-Business Suite. The KNX vulnerability (CVSS score 7.5) allows an attacker with access to lock devices, causing availability issues. Oracle's flaw enables unauthenticated system takeovers over HTTP, with CISA urging immediate patch application. Federal agencies must resolve these issues by specified deadlines (July 18, 2026 for Oracle and July 29, 2026 for KNX) to protect their networks.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline