CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog, raising the total from 1,642 to 1,644, including CVE-2026-46817, a critical flaw in Oracle E-Business Suite Oracle Payments, and CVE-2023-4346, which affects KNX Protocol Connection Authorization Option 1. The Oracle issue affects Oracle Payments File Transmission in E-Business Suite versions 12.2.3 through 12.2.15 and is being actively exploited, while the KNX flaw can let an attacker purge devices that lack additional security options and set a BCU key that locks the device.
The Oracle vulnerability can be exploited remotely over HTTP without authentication or user interaction through the /OA_HTML/ibytransmit endpoint using crafted XML DeliveryRequest payloads, allowing arbitrary file reads and possible exposure of credentials, encryption keys, payment processor API keys, and sensitive ERP or financial data. Oracle released fixes in its May 2026 Critical Patch Update and a supplementary update in June, and CISA directed organizations to apply vendor mitigations and follow BOD 26-04 deadlines; security researchers warned that internet-facing, unpatched Oracle E-Business Suite instances should be treated as potentially compromised.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
CISA directed U.S. federal agencies to secure Oracle E-Business Suite systems against CVE-2026-46817 under Binding Operational Directive 26-04. The order followed CISA's confirmation of active exploitation and set a remediation deadline of Saturday, July 18.
CISA updated its Known Exploited Vulnerabilities catalog to add CVE-2026-46817 affecting Oracle E-Business Suite and CVE-2023-4346 affecting KNX Protocol Connection Authorization Option 1. The catalog count increased from 1642 to 1644.
Threat intelligence firm Defused reported first observed exploitation of CVE-2026-46817 on June 27, 2026. It described six unauthenticated file-read attempts from a single Europe-based IP address and assessed the activity as a targeted proof-of-concept rather than broad scanning.
Oracle reinforced its remediation for CVE-2026-46817 with a supplementary update. The update followed the earlier May Critical Patch Update for the same Oracle E-Business Suite flaw.
Oracle issued fixes for CVE-2026-46817 in its Critical Patch Update. The vulnerability affects the Oracle Payments File Transmission component in Oracle E-Business Suite.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
12 references tracked. Mallory keeps watching after this page renders.
thecybersecguru.com
Open sourcescworld.com
Open sourcesecurityaffairs.com
Open sourcethreataft.com
Open sourcelabs.beazley.security
Open sourcecve.org
Open sourcecve.org
Open sourceoracle.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.