๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-46817: Oracle E-Business Suite Improper Privilege Management Vulnerability
Summary
Oracle E-Business Suite has a vulnerability in its privilege management (the system controlling who can access what features) that allows attackers without credentials to access Oracle Payments over the internet and take it over. This flaw is actively being exploited by attackers in the wild.
Solution / Mitigation
Apply mitigations according to vendor instructions from Oracle's security alerts, following CISA's BOD 26-04 guidance for prioritizing security updates. If mitigations are unavailable, discontinue use of the product. The patch deadline is July 18, 2026.
Vulnerability Details
EPSS: 0.7%
Yes
๐ฅ Actively Exploited
July 14, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46817
First tracked: July 15, 2026 at 02:01 PM
Classified by LLM (prompt v3) ยท confidence: 95%