The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has ordered federal businesses to safe their methods by Saturday in opposition to ongoing assaults exploiting a crucial vulnerability within the Oracle E-Enterprise Suite (EBS) monetary software.
Found within the File Transmission element of EBS’s Oracle Funds product and tracked as CVE-2026-46817, this safety flaw permits unauthenticated risk actors with HTTP community entry to take over susceptible methods in low-complexity assaults.
Oracle launched safety updates to deal with the safety difficulty with its Might 2026 Essential Safety Patch Replace, urging prospects to patch their methods instantly.
“In some situations, it has been reported that attackers have been profitable as a result of focused prospects had failed to use accessible Oracle patches,” the corporate warned on the time. “Oracle subsequently strongly recommends that prospects stay on actively-supported variations and apply safety patches immediately.”
Whereas Oracle has not but flagged CVE-2026-46817 as exploited within the wild, risk intelligence firm Defused stated on June 29 that malicious actors had begun exploiting it within the wild.
“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Enterprise) is being exploited. Over the weekend, we noticed an actor exploiting the vulnerability on our Oracle E-Enterprise honeypots. This vulnerability has no identified earlier exploitation and no public POC code exists,” Defused famous.
Web safety watchdog Shadowserver now tracks over 1,000 Web-exposed Oracle EBS situations, greater than half of them in the USA. Nevertheless, there is no such thing as a info on what number of of them are honeypots or have already been secured in opposition to ongoing CVE-2026-46817 assaults.
.jpg)
On Wednesday, CISA additionally confirmed that hackers are actively exploiting the vulnerability, including it to its listing of identified exploited safety flaws, and ordering U.S. authorities businesses to patch susceptible Oracle EBS situations by Saturday, July 18, as mandated by Binding Operational Directive (BOD) 26-04.
“Oracle E-Enterprise Suite comprises an improper privilege administration vulnerability that enables an unauthenticated attacker with community entry through HTTP to compromise Oracle Funds. Profitable assaults of this vulnerability may end up in takeover of Oracle Funds,” CISA stated.
“Some of these vulnerabilities are frequent assault vectors for malicious cyber actors and pose vital dangers to the federal enterprise.”
In October, the cybersecurity company additionally ordered authorities businesses to patch an unauthenticated server-side request forgery (SSRF) vulnerability (CVE-2025-61884) in Oracle E-Enterprise Suite, after flagging it as actively exploited within the wild.
Extra not too long ago, in June, it ordered them to safe their methods in opposition to a high-severity Oracle WebLogic Server flaw (CVE-2024-21182) that was patched two years in the past and is now actively exploited in assaults.
Over the past a number of years, CISA has flagged 43 safety points throughout numerous Oracle merchandise which have been exploited within the wild, 12 of them additionally abused by ransomware gangs.
Safety groups log 54% of profitable assaults and alert on simply 14%. The remaining transfer via your surroundings unseen.
The Picus whitepaper exhibits how breach and assault simulation assessments your SIEM and EDR guidelines so threats cease slipping by detection.


