All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Attackers exploit critical Oracle E-Business Suite flaw weeks after patch, before public exploit code emerged

By

Carly Page

2d ago· 2 min readenNews

Summary

Attackers have been actively exploiting a critical vulnerability (CVE-2026-46817, CVSS 9.8) in Oracle E-Business Suite's Payments module just six weeks after Oracle released a patch. Researchers at Defused observed the first exploitation on June 27, targeting the Oracle Payments File Transmission component in releases 12.2.3 through 12.2.15. Notably, the attacks occurred before any public proof-of-concept exploit code was available, suggesting attackers reverse-engineered Oracle's patch to develop their own exploit.

Source

bskyAttackers exploit critical Oracle E-Business Suite flaw weeks after patch, before public exploit code emergedtheregister.com

Key quotes

· 3 pulled
Attackers have been caught exploiting a critical flaw in Oracle E-Business Suite's Payments module just six weeks after Oracle patched it – and before any public proof-of-concept exploit was available.
Researchers at Defused said they observed the first known exploitation of CVE-2026-46817 on June 27.
Attackers appear to have reverse-engineered Big Red's patch
Snippet from the RSS feed
Attackers appear to have reverse-engineered Big Red's patch

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.