cybersecuritydive.com • 6h
Critical Unauthenticated Remote Takeover in Oracle E-Business Suite CVE-2026-46817
CVE-2026-46817 is a critical authentication bypass vulnerability residing within the Oracle Payments component of the Oracle E-Business Suite (EBS). Rated with a CVSS v3.1 score of 9.8, this flaw permits unauthenticated remote attackers to circumvent security protocols and achieve full administrative or root-level control over the EBS instance. Research from Defused Cyber confirms that the vulnerability is currently being exploited in the wild. By targeting specific vulnerable API endpoints, adversaries can compromise the integrity of corporate financial records, payment processing workflows, and sensitive enterprise PII, posing a systemic risk of ransomware deployment and long-term persistence within ERP environments.