Advertisement
Security

CISA Adds Actively Exploited Oracle E-Business Suite Flaw to KEV

An improper privilege management vulnerability in Oracle E-Business Suite is currently being exploited in the wild, risking full takeover of Oracle Payments.

··1 hour ago·1 min read
Matrix movie still
Photo by Markus Spiske on Unsplash
Advertisement

CISA has added CVE-2026-46817 to its Known Exploited Vulnerabilities catalog, confirming that the flaw is being actively targeted. The vulnerability exists within Oracle E-Business Suite and stems from improper privilege management, categorized under CWE-269, CWE-287, and CWE-306. It allows unauthenticated attackers with network access via HTTP to compromise the Oracle Payments component.

Successful exploitation of this vulnerability can lead to a complete takeover of Oracle Payments. Federal agencies are required to apply vendor-provided mitigations by July 18, 2026, in accordance with CISA’s BOD 26-04. Organizations should evaluate their assets for internet exposure and strictly follow the mandated patching and forensics triage requirements to secure their environments.

#cve-2026-46817#oracle#vulnerability#cisa#security

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement