THREAT WATCH
Critical Fortinet FortiSandbox: CVE-2026-25089 — Fortinet FortiSandbox OS Command Injection Vulnerability Critical Fortinet FortiSandbox: CVE-2026-39808 — Fortinet FortiSandbox OS Command Injection Vulnerability Critical Oracle E-Business Suite: CVE-2026-46817 — Oracle E-Business Suite Improper Privilege Management Vulnerability High KNX Association KNX Protocol Connection Authorization Option 1: CVE-2023-4346 — KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability High Microsoft Active Directory Federation Services: CVE-2026-56155 — Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability Medium Microsoft SharePoint Server: CVE-2026-56164 — Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability Critical SonicWall SMA1000 Appliances: CVE-2026-15409 — SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability High SonicWall SMA1000 Appliances: CVE-2026-15410 — SonicWall SMA1000 Appliances Code Injection Vulnerability Critical Fortinet FortiSandbox: CVE-2026-25089 — Fortinet FortiSandbox OS Command Injection Vulnerability Critical Fortinet FortiSandbox: CVE-2026-39808 — Fortinet FortiSandbox OS Command Injection Vulnerability Critical Oracle E-Business Suite: CVE-2026-46817 — Oracle E-Business Suite Improper Privilege Management Vulnerability High KNX Association KNX Protocol Connection Authorization Option 1: CVE-2023-4346 — KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability High Microsoft Active Directory Federation Services: CVE-2026-56155 — Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability Medium Microsoft SharePoint Server: CVE-2026-56164 — Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability Critical SonicWall SMA1000 Appliances: CVE-2026-15409 — SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability High SonicWall SMA1000 Appliances: CVE-2026-15410 — SonicWall SMA1000 Appliances Code Injection Vulnerability

CVE-2026-46817 — Oracle E-Business Suite Improper Privilege Management Vulnerability

Back to Threat Intel Dashboard
Critical CVSS 9.8 Actively exploited · CISA KEV

Oracle E-Business Suite

CVE-2026-46817 Added Jul 15, 2026 Remediation due in 1 day
TL;DR

Oracle E-Business Suite is affected by a critical-severity vulnerability (CVE-2026-46817) that is confirmed to be actively exploited in the wild. Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

What is this vulnerability?

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

How it works

This is classified as Improper Privilege Management. In plain terms, an attacker could use this flaw in E-Business Suite to gain access, disrupt service, or steal data — the exact impact depends on how it’s deployed in your environment.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Required action

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Mitigations

  • Apply the vendor’s security patch or update as soon as it’s available and tested.
  • If no patch exists yet, apply the vendor’s temporary workaround.
  • Limit network exposure of the affected system until it’s patched.
  • Review logs for signs of prior exploitation, especially if it’s flagged for ransomware use.

Recommendations

  • Confirm whether Oracle E-Business Suite is used anywhere in your environment.
  • Patch internet-facing systems first, then internal ones.
  • Set a reminder ahead of the remediation deadline so it doesn’t slip.
  • Subscribe to the vendor’s security advisories for earlier warning next time.

Compiled from public threat intelligence (CISA Known Exploited Vulnerabilities catalog and the National Vulnerability Database, referenced in 2 public advisories).