A critical vulnerability (CVE-2026-46817) in Oracle E-Business Suite has been actively exploited by attackers, allowing unauthenticated access to Oracle Payments systems. This flaw, with a CVSS score of 9.8, affects versions 12.2.3 to 12.2.15. Though Oracle has issued a patch, the flaw had no known prior exploitation or public proof-of-concept code available. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is also monitoring related vulnerabilities. The issue underscores the importance of timely patching, especially in a landscape where zero-day exploits can affect large numbers of organizations.
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
securityaffairs.com
-
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
cybersixt.com
-
Oracle PeopleSoft flaw lets attackers bypass auth, CVE-2026-35273
-
Codex Rate Limit Reset: OpenAI Introduces Flexible Limits
-
CVE-2026-35273 flaw lets attackers wipe Wazuh logs via PeopleSoft
-
UEFI shim bug CVE-2026-35273 enables Secure Boot bypass
-
CISA warns of Oracle PeopleSoft zero day exploit CVE-2026-35273
-
CISA Adds Oracle PeopleSoft Flaw CVE-2026-35273 to KEV Catalog
-
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
-
CISA Flags CVE-2026-35273 in PeopleSoft, Orders Patch by June 15
-
ShinyHunters exploit PeopleSoft flaw CVE-2026-35273, hit 100 unis
-
CISA flags Oracle PeopleSoft bug CVE-2026-35273 in KEV catalog
-
ShinyHunters Exploits Oracle PeopleSoft Flaw Leaks Data Worldwide
-
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
-
CVE-2026-35273 flaw used in ShinyHunters attack on universities