All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Critical Oracle E-Business Suite Vulnerability CVE-2026-46817 (CVSS 9.8) Actively Exploited

3h ago· 2 min readenNews
technologycybersecuritynewsvulnerability disclosure

Summary

A critical vulnerability (CVE-2026-46817) in Oracle E-Business Suite, carrying a CVSS score of 9.8, is being actively exploited in the wild. The flaw involves improper privilege management and authentication in Oracle Payments, affecting versions 12.2.3 through 12.2.15. Oracle released patches in its latest Critical Security Patch Update, but Defused Cyber observed exploitation on its honeypots over the weekend. No details are available on exploitation methods or the threat actors involved. This follows the earlier weaponization of CVE-2025-61882 by Cl0p-linked groups.

Source

bskyCritical Oracle E-Business Suite Vulnerability CVE-2026-46817 (CVSS 9.8) Actively Exploitedbriefly.co

Key quotes

· 3 pulled
CVE-2026-46817 carries a CVSS score of 9.8 and involves improper privilege management and authentication in Oracle Payments.
Defused Cyber observed an actor exploiting the vulnerability on its Oracle E-Business honeypots over the weekend.
No details are available on exploitation methods, responsible parties, or whether activity targets unpatched systems broadly or opportunistically.
Snippet from the RSS feed
CVE-2026-46817 is a critical Oracle Payments flaw actively exploited in the wild, enabling unauthenticated network access over HTTP to take over vulnerable instances.

You might also wanna read

Critical Security Vulnerability CVE-2025-66478 in React Server Components Protocol

A critical security vulnerability (CVE-2025-66478) has been discovered in the React Server Components (RSC) protocol with a CVSS score of 10

nextjs.org·6mo ago

Critical Redis Security Vulnerability CVE-2025-49844 Allows Remote Code Execution

Redis has identified and fixed a critical security vulnerability (CVE-2025-49844) that allows authenticated users to execute remote code thr

redis.io·8mo ago

Critical Redis Vulnerability (CVE-2025-49844) Allows Remote Code Execution with Maximum CVSS Score

Wiz Research has discovered a critical remote code execution vulnerability (CVE-2025-49844, nicknamed #RediShell) in Redis, the widely used

wiz.io·8mo ago

Analysis of Critical .NET Vulnerability CVE-2025-55315: HTTP Request Smuggling Explained

This article provides an in-depth technical analysis of CVE-2025-55315, a critical .NET vulnerability with a CVSS score of 9.9. The author e

andrewlock.net·8mo ago

Analysis of Critical .NET Vulnerability CVE-2025-55315: HTTP Request Smuggling Explained

This article provides an in-depth technical analysis of CVE-2025-55315, a critical .NET vulnerability with a CVSS score of 9.9. The author e

andrewlock.net·8mo ago

Critical Security Vulnerability in React Server Components (CVE-2025-55182) Allows Remote Code Execution

The React team disclosed a critical security vulnerability (CVE-2025-55182) rated CVSS 10.0 that allows unauthenticated remote code executio

react.dev·6mo ago

CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1

A security vulnerability (CVE-2026-48800 bypass) has been discovered in Notepad++ v8.9.6.1, the latest patched version. The vulnerability in

github.com·19d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.