Oracle E-Business Suite CVE-2026-46817 Under Active Exploitation
Critical unauthenticated HTTP takeover vulnerability in Oracle EBS File Transmission component now exploited in the wild; 450+ exposed instances tracked online.
Attack Brief
Target: Oracle E-Business Suite (EBS) - Oracle Payments File Transmission component
Vector: Unauthenticated HTTP remote code execution / system takeover via unpatched vulnerability
Technical Details
CVE IDs: CVE-2026-46817
Affected: Oracle E-Business Suite instances not patched with May 2026 Critical Security Patch Update
Impact
Affected Organisations: 450+ Oracle EBS instances exposed online; nearly 200 in United States and Europe
Confirmed Damage: Active exploitation observed on honeypots over weekend of June 28-29, 2026; no public PoC code previously available
Geography: United States, Europe
Mitigation
Patches: Oracle May 2026 Critical Security Patch Update
Context
Similar Attacks: Clop extortion gang previously exploited CVE-2025-61882 in Oracle EBS zero-day attacks targeting U.S. universities including Harvard University and University of Pennsylvania