Particle.news
Download on the App Store

Attackers Are Exploiting a Critical Oracle E‑Business Payments Flaw

Successful attacks let unauthenticated HTTP requests read server files, risking takeover of Oracle Payments and forcing urgent patching and isolation steps.

Overview

  • Threat intelligence firm Defused said it observed exploitation attempts against its Oracle E‑Business honeypots over the weekend of June 27, marking the first known in‑the‑wild use of CVE‑2026‑46817.
  • The bug affects the Payments File Transmission component (ibytransmit endpoint) in Oracle E‑Business Suite versions 12.2.3 through 12.2.15 and can be abused without authentication to read files and seize Oracle Payments.
  • Oracle released a fix in its May 2026 Critical Security Patch Update and has urged customers to apply the update immediately to remove this high‑severity (CVSS 9.8) risk.
  • Internet‑scanning group Shadowserver reports roughly 900–950 Oracle EBS instances reachable online, leaving a large attack surface for opportunistic actors to target unpatched systems.
  • This exploitation fits a pattern of attackers weaponizing unpatched Oracle products for data theft and extortion, so organizations should restrict EBS web interfaces from public access, scan logs for POSTs to /OA_HTML/ibytransmit, and conduct forensic reviews and credential rotations if compromise is suspected.