Critical Oracle E-Business Flaw Exploited by Hackers in Cyber Attacks
Hackers are exploiting a critical Oracle E-Business Suite vulnerability, with Oracle urging immediate patching to mitigate risks.
Critical Vulnerability Details
Hackers are actively exploiting a critical vulnerability in the Oracle E-Business Suite, a financial management platform, according to threat intelligence firm Defused. The flaw, designated CVE-2026-46817, resides in the File Transmission component of Oracle Payments within the EBS framework. This security gap allows unauthorized actors with HTTP network access to compromise affected systems through low-complexity attacks. Oracle addressed the issue in its May 2026 Critical Security Patch Update, urging users to apply the fix immediately. The company noted that delayed patching has previously enabled successful breaches, emphasizing the importance of maintaining supported software versions and prompt updates.
Exploitation and Impact
Defused confirmed that the vulnerability is now being exploited in the wild, with initial attacks detected over the weekend via honeypot monitoring. The flaw carries a CVSS score of 9.8, indicating severe risk. No proof-of-concept code is publicly available, and there are no prior records of exploitation. Shadowserver, an internet security organization, reported over 450 Oracle EBS instances exposed online, with approximately 200 located in the United States and Europe. However, it remains unclear how many of these systems have been secured against current threats.
Recent Oracle Breaches
This incident follows a series of recent Oracle-related breaches. The Clop ransomware group previously exploited a separate EBS vulnerability (CVE-2025-61882) to target U.S. academic institutions, media outlets, and corporations. In 2024, CISA highlighted the active exploitation of a WebLogic Server flaw (CVE-2024-21182) despite its two-year-old patch. Oracle also resolved a critical PeopleSoft Suite zero-day (CVE-2026-35273) linked to ShinyHunters data theft operations.
Recommendations for Organizations
Over recent years, CISA has identified 44 Oracle vulnerabilities as actively exploited, 13 of which were tied to ransomware campaigns. Organizations are advised to prioritize patch management and continuous monitoring to mitigate risks associated with unaddressed vulnerabilities. Security teams must verify configurations across all systems to prevent unauthorized access and data compromise.
