Attackers have begun exploiting a critical vulnerability (tracked as CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused.
This security flaw was found in the File Transmission component of EBS's Oracle Payments product and enables unauthenticated malicious actors with HTTP network access to take over vulnerable systems through low-complexity attacks.
Oracle released security updates to address the vulnerability with its May 2026 Critical Security Patch Update and urged customers to patch their systems immediately.
"Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches," the company warned at the time.
"In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply security patches without delay."
While Oracle has yet to flag the CVE-2026-46817 flaw as exploited in the wild, Defused said on Monday that attackers are now actively exploiting it, with the first attempts spotted over the weekend.
"CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists," it warned.
CVE-2026-46817 exploitation (Defused)
Internet security watchdog group Shadowserver now tracks over 450 Oracle EBS instances exposed online, with nearly 200 in the United States and in Europe.
However, there is no information on how many of them have already been secured against these ongoing attacks.