What is CVE-2026-46817?
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Timeline
- 2026-05-28Published to the U.S. National Vulnerability Database (NVD)
- 2026-07-15Added to the CISA Known Exploited Vulnerabilities (KEV) catalog
- 2026-07-15NVD record last updated
- 2026-07-18CISA federal remediation deadline (BOD 22-01)
CISA Known Exploited Vulnerability
Oracle E-Business Suite Improper Privilege Management Vulnerability
Affected product
Oracle E-Business Suite
Remediation Steps
- Apply the vendor security update for Oracle E-Business Suite as a priority.
- Restrict network exposure of the affected service to trusted sources until patched.
- Review logs and detections for indicators of exploitation.
- Confirm fixed versions against the official vendor advisory before deploying.
References
Referenced in our briefings & reports
- Vulnerability Priority Report – Week 2 of July 2026 (July 13 – 19)
Browse all tracked CVEs in the defend.network CVE database →
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.