Bottom Line: CVE-2026-46817 in Oracle E-Business Suite is already being exploited by attackers and enables complete takeover of affected systems by bypassing authentication and privilege control mechanisms.
Security researchers at Defused Cyber have confirmed that a critical vulnerability in Oracle E-Business Suite is being actively exploited in the wild. The flaw, designated CVE-2026-46817 and classified as critical with a CVSS score of 9.8, allows unauthorized privilege escalation in Oracle Payments.
The security flaw lies in Oracle Payments and involves faulty privilege management and authentication issues. This combination allows attackers to take over vulnerable instances.
CISOs with Oracle E-Business Suite in their infrastructure should prioritize reviewing these systems and conducting a risk assessment. Patches should be scheduled for immediate deployment. In parallel, it is recommended to monitor Oracle systems for suspicious authentication and authorization activities as well as unexpected privilege escalations in the payment modules.
Source: thehackernews.com · Published June 30, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.