securityaffairs.com 7/1/2026, 8:11:56 PM · external

Oracle EBS flaw CVE-2026-46817 under attack, 950 systems exposed

Oracle EBS flaw CVE-2026-46817 under attack, 950 systems exposed
Developing story malware 17 articles tracked
Active exploitation of Oracle E-Business Suite and PeopleSoft flaws (CVE-2026-46817, CVE-2026-35273)
CyberSIXT Evidence Panel
Primary Source oracle.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

A critical vulnerability in Oracle E-Business Suite, designated as CVE-2026-46817, is currently being exploited, with around 950 vulnerable systems exposed on the internet. The flaw allows unauthenticated attackers to take over affected systems. Oracle has advised customers to apply the necessary patches available from their recent Critical Patch Update. Despite active exploitation, details about the types of attacks or attackers' motivations have not been disclosed.

Internet monitoring by Shadowserver indicates that the majority of these vulnerable instances are based in the United States, and there is uncertainty regarding how many have been fixed. Organizations using Oracle EBS are urged to prioritize applying the patches and to consider removing any non-essential systems from internet exposure.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline