THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2023-4346 related to the KNX Protocol and CVE-2026-46817 affecting Oracle E-Business Suite. The KNX vulnerability (CVSS score 7.5) allows an attacker with access to lock devices, causing availability issues. Oracle's flaw enables unauthenticated system takeovers over HTTP, with CISA urging immediate patch application. Federal agencies must resolve these issues by specified deadlines (July 18, 2026 for Oracle and July 29, 2026 for KNX) to protect their networks.
U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog
securityaffairs.com
-
CISA alerts on active KNX flaw CVE‑2023‑4346, urges action
cybersixt.com
-
CISA flags Oracle E‑Business Suite flaw CVE‑2026‑46817 in KEV
cybersixt.com
-
CISA alerts on active KNX flaw CVE‑2023‑4346, urges action
cybersixt.com
-
CISA Adds CVE-2026-46817 to Known Exploited Vulnerabilities Catalogue
cybersixt.com
-
Oracle EBS flaw CVE-2026-46817 under attack, 950 systems exposed
cybersixt.com
-
Exploitation of Recent Oracle E-Business Suite Vulnerability Begins
cybersixt.com
-
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
cybersixt.com
-
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
cybersixt.com