Technology

Over 900 Oracle E-Business instances exposed to ongoing attacks

Bleeping Computer July 01, 2026 1 views
Over 900 Oracle E-Business instances exposed to ongoing attacks

Advertisement

Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw.
The vulnerability (tracked as CVE-2026-46817) was found in the File Transmission component of EBS's Oracle Payments product and allows malicious actors without privileges and with HTTP network access to take over vulnerable systems through low-complexity attacks.
While the company has yet to flag this flaw as exploited in attacks, threat intelligence company Defused warned on Monday that threat actors are now actively exploiting it, with the first attempts spotted over the weekend.
"CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists," Defused noted.
Earlier today, internet security watchdog Shadowserver also warned that it tracks around 950 Oracle EBS instances exposed online. However, there is no information regarding how many of these systems have been secured against CVE-2026-46817 attacks.
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also tagged a high-severity Oracle WebLogic Server flaw (CVE-2024-21182) patched two years ago as actively exploited in the wild.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now

<small>Source: Bleeping Computer</small>

How did this make you feel?

Advertisement

Category
Technology

Advertisement

🌙