CVE-2026-46817
published 2026-05-28
CVE-2026-46817: Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are…
Priority: P188 | critical | 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 0.68% (47.6th percentile)
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | e-business_suite | 12.2.3 – 12.2.15 | — |
| oracle_corporation | oracle_payments | 12.2.3 – 12.2.15 | — |
Detection & IOCs (extracted from sources)
- Active exploitation observed against Oracle E-Business Suite Oracle Payments (File Transmission component) via HTTP, with no public PoC — honeypot telemetry confirms in-the-wild attacks
- Exploitation is unauthenticated and network-accessible over HTTP — prioritize perimeter detection and logging of anomalous HTTP requests to Oracle Payments File Transmission endpoints
- Code execution triggers on application server restart, not on the inbound request — correlate server restart events with preceding suspicious HTTP activity to Oracle Payments endpoints
- Assume compromise posture recommended for unpatched Oracle E-Business Suite 12.2.3–12.2.15 instances; investigate for persistence establishment prior to patch application
- Affected versions are Oracle E-Business Suite 12.2.3 through 12.2.15 (Oracle Payments, File Transmission component); versions outside this range are not affected
- No public proof-of-concept code exists as of reporting; exploitation details, threat actor attribution, and campaign scope remain unknown
- Oracle has released patches via its Critical Security Patch Update; detection efforts should be paired with immediate patching
CVSS provenance
nvd | v3.1 | 9.8 CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck | 9.8 CRITICAL
VulDB
Oracle Payments up to 12.2.15 File Transmission Remote Code Execution
vuldb·2026-05-28·CVSS 9.8
CVE-2026-46817 [CRITICAL] Oracle Payments up to 12.2.15 File Transmission Remote Code Execution
A vulnerability classified as critical has been found in Oracle Payments up to 12.2.15. The affected element is an unknown function of the component File Transmission. The manipulation leads to Remote Code Execution.
This vulnerability is documented as CVE-2026-46817. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
GHSA
GHSA-pv4m-gf99-c5jr: Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission)
ghsa_unreviewed·2026-05-28
CVE-2026-46817 [CRITICAL] CWE-269 GHSA-pv4m-gf99-c5jr: Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission)
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
VulnCheck
Oracle E-Business Suite Improper Privilege Management
vulncheck·2026·CVSS 9.8
CVE-2026-46817 [CRITICAL] Oracle E-Business Suite Improper Privilege Management
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected: Oracle E-Business Suite
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://kevintel.
No detection rules found.
No public exploits indexed.
Published: 2026-05-28
Exploited in the wild