Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

thehackernews.com 2026-06-30 fintech AI risk Critical

What Happened

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. "Easily exploitable vulnerability allows

Why It Matters

Report facts: The article describes CVE-2026-46817, a critical Oracle E-Business Suite / Oracle Payments vulnerability in the File Transmission component (versions 12.2.3–12.2.15) that is being actively exploited in the wild, allowing unauthenticated remote attackers over HTTP to fully compromise Oracle Payments with a CVSS 3.1 score of 9.8, impacting confidentiality, integrity, and availability.[2][3][4][6] Defused Cyber and other threat intelligence sources have observed real-world attack activity against internet-exposed Oracle EBS instances, including hundreds of systems used by enterprises, governments, universities, and financial institutions.[1][2][8]

CyberSE.AI analysis: For organizations using Oracle EBS in financial workflows or integrating it with AI-driven payment, fraud-detection, or ERP agents, this vulnerability significantly raises the risk that a compromised payments backend could be misused to manipulate AI-driven financial decisions, feed poisoned transaction data into AI models, or exfiltrate sensitive financial records.

Practical implication: AI and security teams should treat Oracle EBS/Payments as a critical dependency in their AI risk model, verify patch

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to fintech AI risk. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/06/oracle-e-business-suite-flaw-cve-2026.html
